From: <los...@us...> - 2007-09-05 20:43:54
|
Revision: 618 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=618&view=rev Author: lostcontrol Date: 2007-09-05 13:43:47 -0700 (Wed, 05 Sep 2007) Log Message: ----------- - Fixed timezone bug with epoch date template. Thanks to Michael Hanselmann Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/dateepoch.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:25:56 UTC (rev 617) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-09-05 20:43:47 UTC (rev 618) @@ -12,6 +12,8 @@ - Fixed named filter. Thanks to Yaroslav Halchenko - Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines +- Fixed timezone bug with epoch date template. Thanks to + Michael Hanselmann ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/dateepoch.py =================================================================== --- branches/FAIL2BAN-0_8/server/dateepoch.py 2007-08-27 21:25:56 UTC (rev 617) +++ branches/FAIL2BAN-0_8/server/dateepoch.py 2007-09-05 20:43:47 UTC (rev 618) @@ -40,5 +40,5 @@ dateMatch = self.matchDate(line) if dateMatch: # extract part of format which represents seconds since epoch - date = list(time.gmtime(float(dateMatch.group()))) + date = list(time.localtime(float(dateMatch.group()))) return date This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
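Review bot: in dateepoch.py the switch from time.gmtime to time.localtime carries no comment saying which timezone the caller expects, and the one comment left in place ("extract part of format which represents seconds since epoch") reads the same for either call. Add a line stating that the returned list is meant to be local time and why, plus a test that feeds a fixed epoch value under a non-UTC TZ, so a later cleanup does not flip it back.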
From: <los...@us...> - 2007-08-27 21:25:53
|
Revision: 617 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=617&view=rev Author: lostcontrol Date: 2007-08-27 14:25:56 -0700 (Mon, 27 Aug 2007) Log Message: ----------- - Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:03:33 UTC (rev 616) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:25:56 UTC (rev 617) @@ -10,6 +10,8 @@ ver. 0.8.2 (2007/??/??) - stable ---------- - Fixed named filter. Thanks to Yaroslav Halchenko +- Fixed wrong path for apache-auth in jail.conf. Thanks to + Vincent Deffontaines ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-08-27 21:03:33 UTC (rev 616) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-08-27 21:25:56 UTC (rev 617) @@ -89,8 +89,8 @@ enabled = false filter = apache-auth action = hostsdeny -logpath = /var/log/apache*/*access.log - /home/www/myhomepage/access.log +logpath = /var/log/apache*/*error.log + /home/www/myhomepage/error.log maxretry = 6 # The hosts.deny path can be defined with the "file" argument if it is This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
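Review bot: the corrected logpath for the jail using filter = apache-auth keeps the site-specific second entry /home/www/myhomepage/error.log, and neither jail.conf nor the CHANGELOG line ("Fixed wrong path") says why error.log is the right file. Add a comment above logpath that this filter reads the Apache error log, and mark the /home/www/myhomepage path as an example to be replaced, so the entry is not copied verbatim when someone sets enabled = true.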
From: <los...@us...> - 2007-08-27 21:03:31
|
Revision: 616 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=616&view=rev Author: lostcontrol Date: 2007-08-27 14:03:33 -0700 (Mon, 27 Aug 2007) Log Message: ----------- - Fixed named filter. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-14 21:44:58 UTC (rev 615) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:03:33 UTC (rev 616) @@ -4,9 +4,13 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.1) 2007/08/14 +Fail2Ban (version 0.8.2) 2007/??/?? ============================================================= +ver. 0.8.2 (2007/??/??) - stable +---------- +- Fixed named filter. Thanks to Yaroslav Halchenko + ver. 0.8.1 (2007/08/14) - stable ---------- - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid Modified: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2007-08-14 21:44:58 UTC (rev 615) +++ branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2007-08-27 21:03:33 UTC (rev 616) @@ -9,10 +9,8 @@ [Definition] -# if you want to catch only login erros from specific daemons, use smth like -#_named_rcodes=(?:REFUSED|SERVFAIL) -# To catch all REFUSED queries only -_named_rcodes=REFUSED +# +# Daemon name _daemon=named # 
@@ -28,7 +26,6 @@ # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # -failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$ - %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ +failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-08-14 21:44:58 UTC (rev 615) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-08-27 21:03:33 UTC (rev 616) @@ -170,13 +170,13 @@ # with bind9 installation. You will need something like this: # # logging { -# channel lame-servers_file { -# file "/var/log/named/lame-servers.log" versions 3 size 30m; +# channel security_file { +# file "/var/log/named/security.log" versions 3 size 30m; # severity dynamic; # print-time yes; # }; -# category lame-servers { -# lame-servers_file; +# category security { +# security_file; # }; # } # @@ -189,7 +189,7 @@ filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=udp] sendmail-whois[name=Named, dest=yo...@ma...] -logpath = /var/log/named/lame-servers.log +logpath = /var/log/named/security.log ignoreip = 168.192.0.1 # This jail blocks TCP traffic for DNS requests. @@ -200,6 +200,6 @@ filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] sendmail-whois[name=Named, dest=yo...@ma...] -logpath = /var/log/named/lame-servers.log +logpath = /var/log/named/security.log ignoreip = 168.192.0.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
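Review bot: in named-refused.conf the one failregex that remains matches `client <HOST>#...: query ... denied` lines, but the comment kept above it still reads "regex to match the password failures messages"; reword it to describe denied queries. The jail.conf hunks also move logpath from lame-servers.log to security.log, so anyone who built named.conf from the earlier commented example has a jail pointing at a file named never writes. The CHANGELOG line "Fixed named filter" should say that the RCODE pattern was dropped and that the logging category in named.conf has to change to security.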
From: <los...@us...> - 2007-08-14 21:44:58
|
Revision: 615 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=615&view=rev Author: lostcontrol Date: 2007-08-14 14:44:58 -0700 (Tue, 14 Aug 2007) Log Message: ----------- - Tag for 0.8.1 Added Paths: ----------- tags/FAIL2BAN-0_8_1/ Copied: tags/FAIL2BAN-0_8_1 (from rev 614, branches/FAIL2BAN-0_8) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-08-14 21:39:13
|
Revision: 614 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=614&view=rev Author: lostcontrol Date: 2007-08-14 14:39:15 -0700 (Tue, 14 Aug 2007) Log Message: ----------- - Prepared for 0.8.1 Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/common/version.py branches/FAIL2BAN-0_8/man/fail2ban-client.1 branches/FAIL2BAN-0_8/man/fail2ban-regex.1 branches/FAIL2BAN-0_8/man/fail2ban-server.1 Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-14 21:39:15 UTC (rev 614) @@ -4,10 +4,10 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.1) 2007/??/?? +Fail2Ban (version 0.8.1) 2007/08/14 ============================================================= -ver. 0.8.1 (2007/??/??) - stable +ver. 0.8.1 (2007/08/14) - stable ---------- - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/README 2007-08-14 21:39:15 UTC (rev 614) @@ -4,7 +4,7 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.0) 2007/05/03 +Fail2Ban (version 0.8.1) 2007/08/14 ============================================================= Fail2Ban scans log files like /var/log/pwdfail and bans IP 
@@ -28,8 +28,8 @@ To install, just do: -> tar xvfj fail2ban-0.8.0.tar.bz2 -> cd fail2ban-0.8.0 +> tar xvfj fail2ban-0.8.1.tar.bz2 +> cd fail2ban-0.8.1 > python setup.py install This will install Fail2Ban into /usr/share/fail2ban. The Modified: branches/FAIL2BAN-0_8/common/version.py =================================================================== --- branches/FAIL2BAN-0_8/common/version.py 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/common/version.py 2007-08-14 21:39:15 UTC (rev 614) @@ -24,4 +24,4 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -version = "0.8.0" +version = "0.8.1" Modified: branches/FAIL2BAN-0_8/man/fail2ban-client.1 =================================================================== --- branches/FAIL2BAN-0_8/man/fail2ban-client.1 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/man/fail2ban-client.1 2007-08-14 21:39:15 UTC (rev 614) @@ -1,11 +1,11 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. -.TH FAIL2BAN-CLIENT "1" "May 2007" "fail2ban-client v0.8.0" "User Commands" +.TH FAIL2BAN-CLIENT "1" "August 2007" "fail2ban-client v0.8.1" "User Commands" .SH NAME fail2ban-client \- configure and control the server .SH DESCRIPTION [?1034hUsage: ../fail2ban\-client [OPTIONS] <COMMAND> .PP -Fail2Ban v0.8.0 reads log file that contains password failure report +Fail2Ban v0.8.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP Modified: branches/FAIL2BAN-0_8/man/fail2ban-regex.1 =================================================================== --- branches/FAIL2BAN-0_8/man/fail2ban-regex.1 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/man/fail2ban-regex.1 2007-08-14 21:39:15 UTC (rev 614) 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. -.TH FAIL2BAN-REGEX "1" "May 2007" "fail2ban-regex v0.8.0" "User Commands" +.TH FAIL2BAN-REGEX "1" "August 2007" "fail2ban-regex v0.8.1" "User Commands" .SH NAME fail2ban-regex \- test Fail2ban "failregex" option .SH SYNOPSIS .B fail2ban-regex -[\fIOPTIONS\fR] \fI<LOG> <REGEX>\fR +[\fIOPTIONS\fR] \fI<LOG> <REGEX> \fR[\fIIGNOREREGEX\fR] .SH DESCRIPTION -Fail2Ban v0.8.0 reads log file that contains password failure report +Fail2Ban v0.8.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .PP This tools can test regular expressions for "fail2ban". @@ -31,6 +31,13 @@ .TP \fBfilename\fR path to a filter file (filter.d/sshd.conf) +.SS "IgnoreRegex:" +.TP +\fBstring\fR +a string representing an 'ignoreregex' +.TP +\fBfilename\fR +path to a filter file (filter.d/sshd.conf) .SH AUTHOR Written by Cyril Jaquier <los...@us...>. Many contributions by Yaroslav O. Halchenko <de...@on...>. Modified: branches/FAIL2BAN-0_8/man/fail2ban-server.1 =================================================================== --- branches/FAIL2BAN-0_8/man/fail2ban-server.1 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/man/fail2ban-server.1 2007-08-14 21:39:15 UTC (rev 614) 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. -.TH FAIL2BAN-SERVER "1" "May 2007" "fail2ban-server v0.8.0" "User Commands" +.TH FAIL2BAN-SERVER "1" "August 2007" "fail2ban-server v0.8.1" "User Commands" .SH NAME fail2ban-server \- start the server .SH SYNOPSIS .B fail2ban-server [\fIOPTIONS\fR] .SH DESCRIPTION -Fail2Ban v0.8.0 reads log file that contains password failure report +Fail2Ban v0.8.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .PP Only use this command for debugging purpose. Start the server with This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
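Review bot: the regenerated fail2ban-client.1 still has terminal control residue at the start of its DESCRIPTION (`[?1034hUsage: ../fail2ban\-client [OPTIONS] <COMMAND>`), and the usage line shows the relative path ../fail2ban\-client instead of the installed command name. Both come from how help2man was run, not from the version bump; regenerate the page from an environment that emits no terminal control sequences and with the command invoked by its installed name before tagging the release.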
From: <los...@us...> - 2007-08-13 21:39:26
|
Revision: 613 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=613&view=rev Author: lostcontrol Date: 2007-08-13 14:39:26 -0700 (Mon, 13 Aug 2007) Log Message: ----------- - Improved regular expressions Modified Paths: -------------- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-08-08 22:52:42 UTC (rev 612) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-08-13 21:39:26 UTC (rev 613) @@ -15,11 +15,11 @@ # Values: TEXT # failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ - Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ + Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$ ROOT LOGIN REFUSED.* FROM <HOST>\s*$ [iI](?:llegal|nvalid) user .* from <HOST>\s*$ - User \S+ from <HOST> not allowed because not listed in AllowUsers$ - User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ + User .+ from <HOST> not allowed because not listed in AllowUsers\s*$ + User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
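Review bot: the AllowUsers pattern goes back from `User \S+` to `User .+` and the log message ("Improved regular expressions") gives no reason. The user name in these lines is text chosen by the connecting client, so the only things tying <HOST> to the address sshd wrote are the fixed text after it and the end-of-line anchor. Please state why `.+` is needed here (user names containing spaces?) and add a comment in sshd.conf that the trailing `\s*$` must stay on every pattern.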
From: <los...@us...> - 2007-08-08 22:52:38
|
Revision: 612 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=612&view=rev Author: lostcontrol Date: 2007-08-08 15:52:42 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added new files Modified Paths: -------------- branches/FAIL2BAN-0_8/MANIFEST Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-08-08 22:49:58 UTC (rev 611) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-08-08 22:52:42 UTC (rev 612) @@ -66,6 +66,7 @@ config/filter.d/courierlogin.conf config/filter.d/couriersmtp.conf config/filter.d/exim.conf +config/filter.d/named-refused.conf config/filter.d/postfix.conf config/filter.d/proftpd.conf config/filter.d/pure-ftpd.conf @@ -79,6 +80,7 @@ config/action.d/hostsdeny.conf config/action.d/ipfw.conf config/action.d/iptables.conf +config/action.d/iptables-allports.conf config/action.d/iptables-multiport.conf config/action.d/iptables-new.conf config/action.d/mail.conf This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-08-08 22:49:56
|
Revision: 611 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=611&view=rev Author: lostcontrol Date: 2007-08-08 15:49:58 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added named (bind9) example. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-08-08 22:31:47 UTC (rev 610) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-08-08 22:49:58 UTC (rev 611) @@ -165,3 +165,41 @@ sendmail-whois[name="SSH,IPFW", dest=yo...@ma...] logpath = /var/log/auth.log ignoreip = 168.192.0.1 + +# These jails block attacks against named (bind9). By default, logging is off +# with bind9 installation. You will need something like this: +# +# logging { +# channel lame-servers_file { +# file "/var/log/named/lame-servers.log" versions 3 size 30m; +# severity dynamic; +# print-time yes; +# }; +# category lame-servers { +# lame-servers_file; +# }; +# } +# +# in your named.conf to provide proper logging. +# This jail blocks UDP traffic for DNS requests. + +[named-refused-udp] + +enabled = false +filter = named-refused +action = iptables-multiport[name=Named, port="domain,953", protocol=udp] + sendmail-whois[name=Named, dest=yo...@ma...] +logpath = /var/log/named/lame-servers.log +ignoreip = 168.192.0.1 + +# This jail blocks TCP traffic for DNS requests. + +[named-refused-tcp] + +enabled = false +filter = named-refused +action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] + sendmail-whois[name=Named, dest=yo...@ma...] +logpath = /var/log/named/lame-servers.log +ignoreip = 168.192.0.1 + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
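Review bot: both new jails set `ignoreip = 168.192.0.1`, copied from the jail above; that looks like a transposition of 192.168.0.1, and as written it whitelists a public address rather than a private one. Fix it or replace it with a commented placeholder. For [named-refused-udp], the comment should also say that the source address of a UDP query is not verified, so a ban from this jail can land on an address that never sent the query; recommend listing the site's own resolvers and clients in ignoreip before enabling it.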
From: <los...@us...> - 2007-08-08 22:31:49
|
Revision: 610 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=610&view=rev Author: lostcontrol Date: 2007-08-08 15:31:47 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Fixed vsftpd filter. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:29:13 UTC (rev 609) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:31:47 UTC (rev 610) @@ -30,6 +30,7 @@ Yaroslav Halchenko - Added filter file for named (bind9). Thanks to Yaroslav Halchenko +- Fixed vsftpd filter. Thanks to Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2007-08-08 22:29:13 UTC (rev 609) +++ branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2007-08-08 22:31:47 UTC (rev 610) @@ -14,8 +14,8 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>$ - \[.+\] FAIL LOGIN: Client "<HOST>"$ +failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$ + \[.+\] FAIL LOGIN: Client "<HOST>"\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
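Review bot: in vsftpd.conf the first pattern still requires `rhost=<HOST>` to be the last field on the line, now followed only by optional whitespace. If a log line carries any further field after rhost, it will not match and the failure goes uncounted. Check both patterns against sample lines with fail2ban-regex and keep those samples in a comment next to failregex.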
From: <los...@us...> - 2007-08-08 22:29:10
|
Revision: 609 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=609&view=rev Author: lostcontrol Date: 2007-08-08 15:29:13 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Modified failregex again. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-08-08 22:21:15 UTC (rev 608) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-08-08 22:29:13 UTC (rev 609) @@ -14,11 +14,11 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = Authentication failure for .+ from <HOST>(?: port \d+ ssh2)?$ - Failed [-/\w]+ for .+ from <HOST>(?: port \d+ ssh2)?$ - ROOT LOGIN REFUSED .+ FROM <HOST>(?: port \d+ ssh2)?$ - [iI](?:llegal|nvalid) user .+ from <HOST>(?: port \d+ ssh2)?$ - User .+ from <HOST> not allowed because not listed in AllowUsers$ +failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ + Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ + ROOT LOGIN REFUSED.* FROM <HOST>\s*$ + [iI](?:llegal|nvalid) user .* from <HOST>\s*$ + User \S+ from <HOST> not allowed because not listed in AllowUsers$ User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ # Option: ignoreregex This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
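Review bot: three patterns (Authentication failure, ROOT LOGIN REFUSED, illegal/invalid user) lose the optional ` port \d+ ssh2` tail and now require <HOST> to end the line, while only the "Failed" pattern keeps an optional port/ssh suffix. Any sshd that prints the port on those three lines will silently stop matching. Either keep the same optional suffix group on all of them or add sample log lines in comments showing that it never appears there. In the "Failed" pattern, `(?: port \d*)?` also accepts "port" with no digits; `\d+` is the tighter form.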
From: <los...@us...> - 2007-08-08 22:21:13
|
Revision: 608 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=608&view=rev Author: lostcontrol Date: 2007-08-08 15:21:15 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added filter file for named (bind9). Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG Added Paths: ----------- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:16:22 UTC (rev 607) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:21:15 UTC (rev 608) @@ -28,6 +28,8 @@ Halchenko - Added "named" date format to date detector. Thanks to Yaroslav Halchenko +- Added filter file for named (bind9). Thanks to Yaroslav + Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Added: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2007-08-08 22:21:15 UTC (rev 608) 
@@ -0,0 +1,34 @@ +# Fail2Ban configuration file for named (bind9). Trying to generalize the +# structure which is general to capture general patterns in log +# lines to cover different configurations/distributions +# +# Author: Yaroslav Halchenko +# +# $Revision$ +# + +[Definition] + +# if you want to catch only login erros from specific daemons, use smth like +#_named_rcodes=(?:REFUSED|SERVFAIL) +# To catch all REFUSED queries only +_named_rcodes=REFUSED +_daemon=named + +# +# Shortcuts for easier comprehension of the failregex +__pid_re=(?:\[\d+\]) +__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:? +__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) +# hostname daemon_id spaces +# this can be optional (for instance if we match named native log files) +__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)? + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. +# Values: TEXT +# +failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$ + %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ + + Property changes on: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
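Review bot: the comments in the new named-refused.conf were copied from an authentication filter and do not describe this one: "if you want to catch only login erros from specific daemons" sits above _named_rcodes, and the failregex note says "password failures messages". Rewrite both (and fix "erros", "smth"). The two patterns also take <HOST> from different kinds of line, an `unexpected RCODE ... resolving` line and a `client ... query ... denied` line; add a comment saying which party each address belongs to, since the same ban action is applied to both. The first pattern ends in `$` while the second ends in `\s*$`; make them consistent.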
From: <los...@us...> - 2007-08-08 22:16:21
|
Revision: 607 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=607&view=rev Author: lostcontrol Date: 2007-08-08 15:16:22 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added "named" date format to date detector. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/datedetector.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:13:09 UTC (rev 606) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:16:22 UTC (rev 607) @@ -26,6 +26,8 @@ to Yaroslav Halchenko - Added new action iptables-allports. Thanks to Yaroslav Halchenko +- Added "named" date format to date detector. Thanks to + Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2007-08-08 22:13:09 UTC (rev 606) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2007-08-08 22:16:22 UTC (rev 607) @@ -80,6 +80,12 @@ template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}") template.setPattern("%Y-%m-%d %H:%M:%S") self.__templates.append(template) + # named 26-Jul-2007 15:20:52.252 + template = DateStrptime() + template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]") + template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}") + template.setPattern("%d-%b-%Y %H:%M:%S") + self.__templates.append(template) # TAI64N template = DateTai64n() template.setName("TAI64N") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
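Review bot: the new template's regex uses `\S{3}` for the month, which accepts any three non-space characters, while the strptime pattern `%d-%b-%Y %H:%M:%S` only accepts a month abbreviation. Use `[A-Za-z]{3}` so the regex does not claim lines the pattern will then fail to parse, and note in the comment that `%b` depends on the locale the server runs under. The template name advertises "[.Millisecond]" but the regex stops at the seconds; say in the comment that the fraction is deliberately left unmatched.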
From: <los...@us...> - 2007-08-08 22:13:14
|
Revision: 606 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=606&view=rev Author: lostcontrol Date: 2007-08-08 15:13:09 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added new action iptables-allports. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG Added Paths: ----------- branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-07 22:11:34 UTC (rev 605) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:13:09 UTC (rev 606) @@ -24,6 +24,8 @@ Delvit - Removed textToDns() which is not required anymore. Thanks to Yaroslav Halchenko +- Added new action iptables-allports. Thanks to Yaroslav + Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Added: branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf 2007-08-08 22:13:09 UTC (rev 606) 
@@ -0,0 +1,65 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Modified: Yaroslav O. Halchenko <de...@on...> +# made active on all ports from original iptables.conf +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = iptables -N fail2ban-<name> + iptables -A fail2ban-<name> -j RETURN + iptables -I INPUT -p <protocol> -j fail2ban-<name> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name> + iptables -F fail2ban-<name> + iptables -X fail2ban-<name> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name> + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP + +[Init] + +# Defaut name of the chain +# +name = default + +# Option: protocol +# Notes.: internally used by config reader for interpolations. 
+# Values: [ tcp | udp | icmp | all ] Default: tcp +# +protocol = tcp + Property changes on: branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
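Review bot: in [Init] the default is `protocol = tcp`, so with defaults the INPUT jump is `-p tcp` and a banned address is dropped on all TCP ports only; UDP and ICMP from it still pass, which the file name iptables-allports and the header line "made active on all ports" do not make obvious. State this in the protocol comment or default to all. Smaller points: the comment above actionstop is labelled "Option: actionend", "Defaut" is misspelled, and actioncheck's `grep -q fail2ban-<name>` is a substring match, so a chain whose name merely begins with fail2ban-<name> also satisfies the check.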
From: <los...@us...> - 2007-08-07 22:11:34
|
Revision: 605 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=605&view=rev Author: lostcontrol Date: 2007-08-07 15:11:34 -0700 (Tue, 07 Aug 2007) Log Message: ----------- - Removed textToDns() which is not required anymore. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-05 19:33:15 UTC (rev 604) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-07 22:11:34 UTC (rev 605) @@ -22,6 +22,8 @@ David Nutter - Added webmin authentication filter. Thanks to Guillaume Delvit +- Removed textToDns() which is not required anymore. Thanks + to Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-08-05 19:33:15 UTC (rev 604) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-08-07 22:11:34 UTC (rev 605) @@ -504,17 +504,6 @@ return list() @staticmethod - def textToDns(text): - """ Search for possible DNS in an arbitrary text. - Thanks to Tom Pike. - """ - match = DNSUtils.DNS_CRE.match(text) - if match: - return match - else: - return None - - @staticmethod def searchIP(text): """ Search if an IP address if directly available and return it. @@ -549,11 +538,9 @@ ipList.append(plainIPStr) if not ipList: # Try to get IP from possible DNS - dns = DNSUtils.textToDns(text) - if not dns == None: - ip = DNSUtils.dnsToIp(dns.group(0)) - for e in ip: - ipList.append(e) + ip = DNSUtils.dnsToIp(text) + for e in ip: + ipList.append(e) return ipList @staticmethod This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
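Review bot: in the second filter.py hunk, `DNSUtils.dnsToIp(text)` now receives the raw text, where before it only received the substring that DNS_CRE had matched. That removes the one syntax check between text taken from a log line and a resolver lookup. Confirm that dnsToIp returns an empty list for input that is not a host name, and consider keeping a cheap format check in front of it so junk strings do not each cost a DNS query. If DNS_CRE has no other user after this change, remove it in the same commit.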
From: <los...@us...> - 2007-08-05 19:33:15
|
Revision: 604 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=604&view=rev Author: lostcontrol Date: 2007-08-05 12:33:15 -0700 (Sun, 05 Aug 2007) Log Message: ----------- - Corrected subject Modified Paths: -------------- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2007-07-17 20:41:00 UTC (rev 603) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2007-08-05 19:33:15 UTC (rev 604) @@ -25,7 +25,7 @@ # Values: CMD # actionstop = if [ -f <tmpfile> ]; then - echo -en "Subject: [Fail2Ban] <name>: stopped + echo -en "Subject: [Fail2Ban] <name>: summary From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -60,7 +60,7 @@ actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile> LINE=$( wc -l <tmpfile> | awk '{ print $1 }' ) if [ $LINE -eq <lines> ]; then - echo -en "Subject: [Fail2Ban] <name>: stopped + echo -en "Subject: [Fail2Ban] <name>: summary From: Fail2Ban <<sender>> To: <dest>\n Hi,\n This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
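Review bot: the subject fix is fine, but the actionban context around it sends the mail only when `[ $LINE -eq <lines> ]`, an exact match. If <tmpfile> ever holds more than <lines> entries, the test never becomes true again and no summary goes out until actionstop. Use `-ge` and quote `$LINE`. The mail header and body are also duplicated between actionstop and actionban, which is why the wrong subject had to be corrected in two places.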
From: <los...@us...> - 2007-07-17 20:41:04
|
Revision: 603 http://svn.sourceforge.net/fail2ban/?rev=603&view=rev Author: lostcontrol Date: 2007-07-17 13:41:00 -0700 (Tue, 17 Jul 2007) Log Message: ----------- - Added new regex for proftpd. Thanks to Vaclav Misek Modified Paths: -------------- branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-07-11 22:27:29 UTC (rev 602) +++ branches/FAIL2BAN-0_8/README 2007-07-17 20:41:00 UTC (rev 603) @@ -75,7 +75,7 @@ René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume -Delvit +Delvit, Vaclav Misek License: -------- Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2007-07-11 22:27:29 UTC (rev 602) +++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2007-07-17 20:41:00 UTC (rev 603) @@ -15,6 +15,7 @@ # Values: TEXT # failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$ + \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
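Review bot: In the new proftpd `failregex` line, the final `.` in `Incorrect password.$` is unescaped, so it matches any character rather than the literal full stop; write it as `Incorrect password\.$`. The existing pattern above it tolerates trailing whitespace with `\s*$` while the new one does not, which is worth making consistent. The commit touches README and proftpd.conf only, so the new regex gets no CHANGELOG entry, unlike the webmin and sshd filter changes on this branch.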
From: <los...@us...> - 2007-07-11 22:27:26
|
Revision: 602 http://svn.sourceforge.net/fail2ban/?rev=602&view=rev Author: lostcontrol Date: 2007-07-11 15:27:29 -0700 (Wed, 11 Jul 2007) Log Message: ----------- - Updated contributors Modified Paths: -------------- branches/FAIL2BAN-0_8/README Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-07-11 22:27:16 UTC (rev 601) +++ branches/FAIL2BAN-0_8/README 2007-07-11 22:27:29 UTC (rev 602) @@ -74,7 +74,8 @@ Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand, René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, -Daniel B. Cid, David Nutter, Raphaël Marichez +Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume +Delvit License: -------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-07-11 22:27:17
|
Revision: 601 http://svn.sourceforge.net/fail2ban/?rev=601&view=rev Author: lostcontrol Date: 2007-07-11 15:27:16 -0700 (Wed, 11 Jul 2007) Log Message: ----------- - Added webmin authentication filter. Thanks to Guillaume Delvit Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST Added Paths: ----------- branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-11 22:13:07 UTC (rev 600) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-11 22:27:16 UTC (rev 601) @@ -20,6 +20,8 @@ Christian Rauch - Tightening up the pid check in redhat-initd. Thanks to David Nutter +- Added webmin authentication filter. Thanks to Guillaume + Delvit ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-07-11 22:13:07 UTC (rev 600) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-07-11 22:27:16 UTC (rev 601) @@ -74,6 +74,7 @@ config/filter.d/sshd.conf config/filter.d/sshd-ddos.conf config/filter.d/vsftpd.conf +config/filter.d/webmin-auth.conf config/filter.d/wuftpd.conf config/action.d/hostsdeny.conf config/action.d/ipfw.conf Added: branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf 2007-07-11 22:27:16 UTC (rev 601) 
@@ -0,0 +1,28 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Rule by : Delvit Guillaume +# +# $Revision$ +# + +[Definition] + +# patern : webmin[15673]: Non-existent login as toto from 86.0.6.217 +# webmin[29544]: Invalid login as root from 86.0.6.217 +# +# Option: failregex +# Notes.: regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "<HOST>" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P<host>\S+) +# Values: TEXT +# +failregex = webmin.* Non-existent login as .+ from <HOST>$ + webmin.* Invalid login as .+ from <HOST>$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Property changes on: branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
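Review bot: In the added webmin-auth.conf, both `failregex` lines begin with the loose prefix `webmin.*` and capture the login name with `.+`, and the login name is supplied by the remote client. The `$` after `<HOST>` is the only thing keeping the captured host the last token on the line, so I would tighten the prefix to the form shown in the sample lines (`webmin\[\d+\]: `) and narrow the login field to `\S+` if webmin never logs names containing spaces. Minor points: "patern" in the comment should read "pattern", and jail.conf is not among the modified paths, so the filter ships without a jail that uses it.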
From: <los...@us...> - 2007-07-11 22:13:06
|
Revision: 600 http://svn.sourceforge.net/fail2ban/?rev=600&view=rev Author: lostcontrol Date: 2007-07-11 15:13:07 -0700 (Wed, 11 Jul 2007) Log Message: ----------- - Updated contributors Modified Paths: -------------- branches/FAIL2BAN-0_8/README Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-07-11 22:12:45 UTC (rev 599) +++ branches/FAIL2BAN-0_8/README 2007-07-11 22:13:07 UTC (rev 600) @@ -73,7 +73,8 @@ Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler, Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand, René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch, -Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner +Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, +Daniel B. Cid, David Nutter, Raphaël Marichez License: -------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-07-11 22:12:46
|
Revision: 599 http://svn.sourceforge.net/fail2ban/?rev=599&view=rev Author: lostcontrol Date: 2007-07-11 15:12:45 -0700 (Wed, 11 Jul 2007) Log Message: ----------- - Tightening up the pid check in redhat-initd. Thanks to David Nutter Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/files/redhat-initd Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:24:44 UTC (rev 598) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-11 22:12:45 UTC (rev 599) @@ -18,6 +18,8 @@ - Added "ignoreregex" support to fail2ban-regex - Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch +- Tightening up the pid check in redhat-initd. Thanks to + David Nutter ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/files/redhat-initd =================================================================== --- branches/FAIL2BAN-0_8/files/redhat-initd 2007-07-10 20:24:44 UTC (rev 598) +++ branches/FAIL2BAN-0_8/files/redhat-initd 2007-07-11 22:12:45 UTC (rev 599) @@ -20,7 +20,7 @@ RETVAL=0 getpid() { - pid=`ps -ef | grep fail2ban-|grep -v grep|awk '{print $2}'` + pid=`ps -eo pid,comm | grep fail2ban- | awk '{ print $1 }'` } start() { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
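Review bot: In `getpid()` of files/redhat-initd, `grep fail2ban-` still matches every process whose command name contains that string, so a running `fail2ban-client` can end up in `pid` next to the server and `pid` can hold several values. Match the server name exactly, for example `ps -eo pid,comm | awk '$2 == "fail2ban-server" { print $1 }'`, and decide what the callers should do when more than one PID comes back.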
From: <los...@us...> - 2007-07-10 20:24:44
|
Revision: 598 http://svn.sourceforge.net/fail2ban/?rev=598&view=rev Author: lostcontrol Date: 2007-07-10 13:24:44 -0700 (Tue, 10 Jul 2007) Log Message: ----------- - Updated regular expressions Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:04:57 UTC (rev 597) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:24:44 UTC (rev 598) @@ -12,6 +12,7 @@ - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko - Improved regular expressions. Thanks to Yaroslav Halchenko + and others - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez - Added "ignoreregex" support to fail2ban-regex Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-07-10 20:04:57 UTC (rev 597) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-07-10 20:24:44 UTC (rev 598) 
@@ -14,11 +14,12 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = Authentication failure for .* from <HOST>$ - Failed [-/\w]+ for .* from <HOST>$ - ROOT LOGIN REFUSED .* FROM <HOST>$ - [iI](?:llegal|nvalid) user .* from <HOST>$ - User .* from <HOST> not allowed because not listed in AllowUsers$ +failregex = Authentication failure for .+ from <HOST>(?: port \d+ ssh2)?$ + Failed [-/\w]+ for .+ from <HOST>(?: port \d+ ssh2)?$ + ROOT LOGIN REFUSED .+ FROM <HOST>(?: port \d+ ssh2)?$ + [iI](?:llegal|nvalid) user .+ from <HOST>(?: port \d+ ssh2)?$ + User .+ from <HOST> not allowed because not listed in AllowUsers$ + User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
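Review bot: In the sshd.conf `failregex` hunk, the new optional suffix `(?: port \d+ ssh2)?` hardcodes the protocol tag, so a line ending in ` port N` with any other tag, or with no tag, still fails the `$` anchor and is silently not counted. Consider `(?: port \d+(?: ssh\d*)?)?$`, and add sample log lines to the comment block, as webmin-auth.conf does, so each pattern can be checked with fail2ban-regex. The user field stays `.+` and is client-supplied, which leaves the end anchor as the only thing pinning `<HOST>` to the peer address; a comment saying so would keep a later edit from relaxing it.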
From: <los...@us...> - 2007-07-10 20:11:20
|
Revision: 596 http://svn.sourceforge.net/fail2ban/?rev=596&view=rev Author: lostcontrol Date: 2007-07-10 12:54:01 -0700 (Tue, 10 Jul 2007) Log Message: ----------- - Added "ignoreregex" support to fail2ban-regex Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/fail2ban-regex branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-05 16:10:33 UTC (rev 595) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 19:54:01 UTC (rev 596) @@ -14,6 +14,7 @@ - Improved regular expressions. Thanks to Yaroslav Halchenko - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez +- Added "ignoreregex" support to fail2ban-regex ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/fail2ban-regex =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-regex 2007-07-05 16:10:33 UTC (rev 595) +++ branches/FAIL2BAN-0_8/fail2ban-regex 2007-07-10 19:54:01 UTC (rev 596) @@ -68,6 +68,7 @@ def __init__(self): self.__filter = Filter(None) + self.__ignoreregex = list() self.__failregex = list() # Setup logging logging.getLogger("fail2ban").handlers = [] @@ -92,7 +93,7 @@ @staticmethod def dispUsage(): - print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX>" + print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]" print print "Fail2Ban v" + version + " reads log file that contains password failure report" print "and bans the corresponding IP addresses using firewall rules." 
@@ -111,6 +112,10 @@ print " string a string representing a 'failregex'" print " filename path to a filter file (filter.d/sshd.conf)" print + print "IgnoreRegex:" + print " string a string representing an 'ignoreregex'" + print " filename path to a filter file (filter.d/sshd.conf)" + print print "Report bugs to <los...@us...>" def getCmdLineOptions(self, optList): @@ -128,6 +133,35 @@ def logIsFile(value): return os.path.isfile(value) + def readIgnoreRegex(self, value): + if os.path.isfile(value): + reader = SafeConfigParser() + try: + reader.read(value) + print "Use ignoreregex file : " + value + self.__ignoreregex = [RegexStat(m) + for m in reader.get("Definition", "ignoreregex").split('\n')] + except NoSectionError: + print "No [Definition] section in " + value + print + return False + except NoOptionError: + print "No failregex option in " + value + print + return False + except MissingSectionHeaderError: + print "No section headers in " + value + print + return False + else: + if len(value) > 53: + stripReg = value[0:50] + "..." + else: + stripReg = value + print "Use ignoreregex line : " + stripReg + self.__ignoreregex = [RegexStat(value)] + return True + def readRegex(self, value): if os.path.isfile(value): reader = SafeConfigParser() @@ -157,8 +191,27 @@ self.__failregex = [RegexStat(value)] return True + def testIgnoreRegex(self, line): + found = False + for regex in self.__ignoreregex: + logging.getLogger("fail2ban").setLevel(logging.DEBUG) + try: + self.__filter.addIgnoreRegex(regex.getFailRegex()) + try: + ret = self.__filter.ignoreLine(line) + if ret: + regex.inc() + except RegexException, e: + print e + return False + finally: + self.__filter.delIgnoreRegex(0) + logging.getLogger("fail2ban").setLevel(logging.CRITICAL) + def testRegex(self, line): found = False + for regex in self.__ignoreregex: + self.__filter.addIgnoreRegex(regex.getFailRegex()) for regex in self.__failregex: logging.getLogger("fail2ban").setLevel(logging.DEBUG) try: 
@@ -182,6 +235,8 @@ finally: self.__filter.delFailRegex(0) logging.getLogger("fail2ban").setLevel(logging.CRITICAL) + for regex in self.__ignoreregex: + self.__filter.delIgnoreRegex(0) def printStats(self): print @@ -191,25 +246,51 @@ # Print title cnt = 1 - print "Failregex:" + print "Failregex" + print "|- Regular expressions:" for failregex in self.__failregex: - print "[" + str(cnt) + "] " + failregex.getFailRegex() + print "| [" + str(cnt) + "] " + failregex.getFailRegex() cnt += 1 + cnt = 1 - print + print "|" # Print stats cnt = 1 total = 0 - print "Number of matches:" + print "`- Number of matches:" for failregex in self.__failregex: match = failregex.getStats() total += match - print "[" + str(cnt) + "] " + str(match) + " match(es)" + print " [" + str(cnt) + "] " + str(match) + " match(es)" cnt += 1 print + # Print title + cnt = 1 + print "Ignoreregex" + print "|- Regular expressions:" + for failregex in self.__ignoreregex: + print "| [" + str(cnt) + "] " + failregex.getFailRegex() + cnt += 1 + cnt = 1 + + print "|" + + # Print stats + cnt = 1 + print "`- Number of matches:" + for failregex in self.__ignoreregex: + match = failregex.getStats() + print " [" + str(cnt) + "] " + str(match) + " match(es)" + cnt += 1 + + print + print "Summary" + print "=======" + print + if total == 0: print "Sorry, no match" print @@ -236,7 +317,7 @@ print "Date template hits:" for template in self.__filter.dateDetector.getTemplates(): - print `template.getHits()` + " hit: " + template.getName() + print `template.getHits()` + " hit(s): " + template.getName() print @@ -260,7 +341,7 @@ # Process command line fail2banRegex.getCmdLineOptions(optList) # We need exactly 3 parameters - if not len(sys.argv) == 3: + if not len(sys.argv) in (3, 4): fail2banRegex.dispUsage() sys.exit(-1) else: 
@@ -269,6 +350,10 @@ print "=============" print + if len(sys.argv) == 4: + if fail2banRegex.readIgnoreRegex(sys.argv[3]) == False: + sys.exit(-1) + if fail2banRegex.readRegex(sys.argv[2]) == False: sys.exit(-1) @@ -278,6 +363,7 @@ print "Use log file : " + sys.argv[1] print for line in hdlr: + fail2banRegex.testIgnoreRegex(line) fail2banRegex.testRegex(line) except IOError, e: print e @@ -290,6 +376,7 @@ stripLog = sys.argv[1] print "Use single line: " + stripLog print + fail2banRegex.testIgnoreRegex(sys.argv[1]) fail2banRegex.testRegex(sys.argv[1]) if fail2banRegex.printStats(): Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-07-05 16:10:33 UTC (rev 595) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-07-10 19:54:01 UTC (rev 596) @@ -414,6 +414,20 @@ return True ## + # Returns true if the line should be ignored. + # + # Uses ignoreregex. + # @param line: the line + # @return: a boolean + + def ignoreLine(self, line): + for ignoreRegex in self.__ignoreRegex: + ignoreRegex.search(line) + if ignoreRegex.hasMatched(): + return True + return False + + ## # Finds the failure in a line. # # Uses the failregex pattern to find it and timeregex in order @@ -423,12 +437,9 @@ def findFailure(self, line): failList = list() # Checks if we must ignore this line. - for ignoreRegex in self.__ignoreRegex: - ignoreRegex.search(line) - if ignoreRegex.hasMatched(): - # The ignoreregex matched. Return. - logSys.debug("Ignoring this line") - return failList + if self.ignoreLine(line): + # The ignoreregex matched. Return. + return failList # Iterates over all the regular expressions. for failRegex in self.__failRegex: failRegex.search(line) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
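Review bot: In `readIgnoreRegex()` of fail2ban-regex, `reader.get("Definition", "ignoreregex").split('\n')` yields a single empty string when the option is present but empty, which is how webmin-auth.conf ships it (`ignoreregex =`). That empty pattern is wrapped in `RegexStat` and later added as an ignore regex, and an empty regular expression matches every line, so passing a stock filter file as IGNOREREGEX would make every log line count as ignored. Drop empty entries before building the list. The `NoOptionError` branch also prints "No failregex option in", which should name ignoreregex.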
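Review bot: In `testIgnoreRegex()`, `found = False` is assigned and never used, and the method returns `False` on `RegexException` but `None` on every other path, while both call sites ignore the result. Return a boolean on every path or drop the return value. In the `testRegex()` part of the same hunk the ignore regexes are added before the failregex loop, but their removal sits after the loop in the `@@ -182,6 +235,8 @@` hunk; if the loop exits early they stay registered in the shared `Filter`, so the removal belongs in a `finally`.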
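Review bot: In the `@@ -260,7 +341,7 @@` hunk, the check becomes `if not len(sys.argv) in (3, 4):` but the comment directly above it still reads "We need exactly 3 parameters". Update the comment to match, and prefer `len(sys.argv) not in (3, 4)` for readability.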
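Review bot: In the `findFailure()` hunk of server/filter.py, moving the loop into `ignoreLine()` drops the `logSys.debug("Ignoring this line")` call, so the server no longer records that an ignoreregex suppressed a line. Keep the debug message, either in `findFailure()` when `ignoreLine()` returns true or inside `ignoreLine()`, ideally naming the pattern that matched, since a too-broad ignoreregex otherwise hides failures with no trace in the log.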
From: <los...@us...> - 2007-07-10 20:04:57
|
Revision: 597 http://svn.sourceforge.net/fail2ban/?rev=597&view=rev Author: lostcontrol Date: 2007-07-10 13:04:57 -0700 (Tue, 10 Jul 2007) Log Message: ----------- - Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/files/suse-initd Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 19:54:01 UTC (rev 596) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:04:57 UTC (rev 597) @@ -15,6 +15,8 @@ - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez - Added "ignoreregex" support to fail2ban-regex +- Updated suse-initd and added it to MANIFEST. Thanks to + Christian Rauch ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-07-10 19:54:01 UTC (rev 596) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-07-10 20:04:57 UTC (rev 597) @@ -102,6 +102,7 @@ files/redhat-initd files/solaris-fail2ban.xml files/solaris-svc-fail2ban +files/suse-initd files/cacti/fail2ban_stats.sh files/cacti/cacti_host_template_fail2ban.xml files/cacti/README Modified: branches/FAIL2BAN-0_8/files/suse-initd =================================================================== --- branches/FAIL2BAN-0_8/files/suse-initd 2007-07-10 19:54:01 UTC (rev 596) +++ branches/FAIL2BAN-0_8/files/suse-initd 2007-07-10 20:04:57 UTC (rev 597) 
@@ -6,26 +6,26 @@ # ### BEGIN INIT INFO # Provides: fail2ban -# Required-Start: $syslog $remote_fs postfix +# Required-Start: $syslog $remote_fs sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: startup Fail2Ban ### END INIT INFO -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/sbin:/usr/bin:/bin FAIL2BAN_BIN=/usr/local/bin/fail2ban-client FAIL2BAN_SERVER=/usr/local/bin/fail2ban-server FAIL2BAN_SOCKET=/tmp/fail2ban.sock -test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; - if [ "$1" = "stop" ]; then exit 0; - else exit 5; fi; } +test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } # Check for existence of needed config file and read it FAIL2BAN_CONFIG=/etc/fail2ban/fail2ban.conf test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } + if [ "$1" = "stop" ]; then exit 0; + else exit 6; fi; } . /etc/rc.status 
@@ -34,54 +34,63 @@ case "$1" in start) - echo -n "Starting Fail2Ban " - /sbin/startproc $FAIL2BAN_BIN -q start 2>1 > /dev/null - rc_status -v - ;; + echo -n "Starting Fail2Ban " + /sbin/startproc $FAIL2BAN_BIN start &>/dev/null + rc_status -v + ;; stop) - echo -n "Shutting down Fail2ban " - /sbin/startproc $FAIL2BAN_BIN -q stop - rc_status -v - ;; + echo -n "Shutting down Fail2ban " + /sbin/startproc $FAIL2BAN_BIN -q stop + rc_status -v + ;; try-restart|condrestart) - if test "$1" = "condrestart"; then - echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" - fi - $0 status - if test $? = 0; then - $0 restart - else - rc_reset # Not running is not a failure. - fi - rc_status - ;; + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + rc_status + ;; restart) - $0 stop - i=60 - while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 60 ] - sleep 1 - i=$[i-1] - echo -n "." - done - echo "." - $0 start + $0 stop + echo -n "-wait a minute " + i=60 + while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do + sleep 1 + i=$[$i-1] + echo -n "." + done + echo "." 
+ $0 start - # Remember status and be quiet - rc_status - ;; + # Remember status and be quiet + rc_status + ;; force-reload) - echo -n "Reload service Fail2ban " - /sbin/startproc $FAIL2BAN_BIN -q reload - rc_status -v - ;; + echo -n "Reload service Fail2ban " + /sbin/startproc $FAIL2BAN_BIN -q reload + rc_status -v + ;; reload) - echo -n "Reload service Fail2ban " - /sbin/startproc $FAIL2BAN_BIN -q reload - rc_status -v - ;; + echo -n "Reload service Fail2ban " + /sbin/startproc $FAIL2BAN_BIN -q reload + rc_status -v + ;; status) - echo -n "Checking for service Fail2ban " - /sbin/checkproc $FAIL2BAN_SERVER - rc_status -v - ;; + echo -n "Checking for service Fail2ban " + /sbin/checkproc $FAIL2BAN_SERVER + rc_status -v + ;; probe) + test /etc/fail2ban/fail2ban.conf -nt /var/run/fail2ban.pid && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; +esac +rc_exit \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
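Review bot: In the INIT INFO block of files/suse-initd, `Required-Start` now names `sendmail` where it named `postfix`, which keeps mail delivery as a hard start dependency of the ban daemon. If `sendmail` is meant as the generic MTA facility, say so in a comment; since mail is only needed by the mail actions, `Should-Start` would be the better fit. The new `PATH` value also lists `/usr/sbin` twice.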
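Review bot: In the `probe)` branch of the `@@ -34,54 +34,63 @@` hunk, the config path is spelled out as `/etc/fail2ban/fail2ban.conf` although `FAIL2BAN_CONFIG` is defined earlier in the script, and `/var/run/fail2ban.pid` appears as a second literal; use the variable and define one for the pid file. The `start)` branch now uses `&>/dev/null` and the restart loop uses `$[$i-1]`, both bash-only, so the script needs a bash shebang or the portable forms `>/dev/null 2>&1` and `$((i-1))`. `start)` also loses the `-q` that the other branches keep, and the file ends without a trailing newline.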
From: <los...@us...> - 2007-07-05 16:10:33
|
Revision: 595 http://svn.sourceforge.net/fail2ban/?rev=595&view=rev Author: lostcontrol Date: 2007-07-05 09:10:33 -0700 (Thu, 05 Jul 2007) Log Message: ----------- - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez - Fixed a small typo Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf branches/FAIL2BAN-0_8/config/action.d/mail.conf branches/FAIL2BAN-0_8/config/jail.conf Added Paths: ----------- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf branches/FAIL2BAN-0_8/config/action.d/sendmail.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-05 16:10:33 UTC (rev 595) @@ -12,6 +12,8 @@ - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko - Improved regular expressions. Thanks to Yaroslav Halchenko +- Added sendmail actions. The action started with "mail" are + now deprecated. Thanks to Raphaël Marichez ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-07-05 16:10:33 UTC (rev 595) 
@@ -84,6 +84,10 @@ config/action.d/mail-buffered.conf config/action.d/mail-whois.conf config/action.d/mail-whois-lines.conf +config/action.d/sendmail.conf +config/action.d/sendmail-buffered.conf +config/action.d/sendmail-whois.conf +config/action.d/sendmail-whois-lines.conf config/action.d/shorewall.conf config/fail2ban.conf man/fail2ban-client.1 Modified: branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Output will be buffered until <lines> lines are available.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2007-07-05 16:10:33 UTC (rev 595) 
@@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Modified: branches/FAIL2BAN-0_8/config/action.d/mail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Added: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -0,0 +1,105 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Output will be buffered until <lines> lines are available.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = if [ -f <tmpfile> ]; then + echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + rm <tmpfile> + fi + echo -en "Subject: [Fail2Ban] <name>: stopped + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile> + LINE=$( wc -l <tmpfile> | awk '{ print $1 }' ) + if [ $LINE -eq <lines> ]; then + echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + rm <tmpfile> + fi + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + +# Default number of lines that are buffered +# +lines = 5 + +# Default temporary file +# +tmpfile = /tmp/fail2ban-mail.txt + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -0,0 +1,88 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n\n + Here are more information about <ip>:\n + `/usr/bin/whois <ip>`\n\n + Lines containing IP:<ip> in <logpath>\n + `/bin/grep '\<<ip>\>' <logpath>`\n\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf 2007-07-05 16:10:33 UTC (rev 595) 
@@ -0,0 +1,82 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n\n + Here are more information about <ip>:\n + `/usr/bin/whois <ip>`\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/sendmail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -0,0 +1,80 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -45,7 +45,7 @@ enabled = false filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] - mail-whois[name=SSH, dest=you...@ma...] + sendmail-whois[name=SSH, dest=yo...@ma..., sender=fai...@ma...] logpath = /var/log/sshd.log maxretry = 5 
@@ -54,7 +54,7 @@ enabled = false filter = proftpd action = iptables[name=ProFTPD, port=ftp, protocol=tcp] - mail-whois[name=ProFTPD, dest=you...@ma...] + sendmail-whois[name=ProFTPD, dest=yo...@ma...] logpath = /var/log/proftpd/proftpd.log maxretry = 6 @@ -66,7 +66,7 @@ filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] - mail-whois[name=sasl, dest=you...@ma...] + sendmail-whois[name=sasl, dest=yo...@ma...] logpath = /var/log/mail.log # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is @@ -77,7 +77,7 @@ enabled = false filter = sshd action = hostsdeny - mail-whois[name=SSH, dest=you...@ma...] + sendmail-whois[name=SSH, dest=yo...@ma...] ignoreregex = for myuser from logpath = /var/log/sshd.log @@ -101,7 +101,7 @@ enabled = false filter = postfix action = hostsdeny[file=/not/a/standard/path/hosts.deny] - mail[name=Postfix, dest=you...@ma...] + sendmail[name=Postfix, dest=yo...@ma...] logpath = /var/log/postfix.log bantime = 300 @@ -112,7 +112,7 @@ enabled = false filter = vsftpd -action = mail-whois[name=VSFTPD, dest=you...@ma...] +action = sendmail-whois[name=VSFTPD, dest=yo...@ma...] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 @@ -124,7 +124,7 @@ enabled = false filter = vsftpd action = iptables[name=VSFTPD, port=ftp, protocol=tcp] - mail-whois[name=VSFTPD, dest=you...@ma...] + sendmail-whois[name=VSFTPD, dest=yo...@ma...] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 @@ -137,7 +137,7 @@ enabled = false filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] - mail-buffered[name=BadBots, lines=5, dest=you...@ma...] + sendmail-buffered[name=BadBots, lines=5, dest=yo...@ma...] logpath = /var/www/*/logs/access_log bantime = 172800 maxretry = 1 
@@ -149,7 +149,7 @@ enabled = false filter = apache-noscript action = shorewall - mail[name=Postfix, dest=you...@ma...] + sendmail[name=Postfix, dest=yo...@ma...] logpath = /var/log/apache2/error_log # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" @@ -162,6 +162,6 @@ enabled = false filter = sshd action = ipfw[localhost=192.168.0.1] - mail-whois[name="SSH,IPFW", dest=you...@ma...] + sendmail-whois[name="SSH,IPFW", dest=yo...@ma...] logpath = /var/log/auth.log ignoreip = 168.192.0.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
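Review bot: In sendmail-buffered.conf the [Init] default `tmpfile = /tmp/fail2ban-mail.txt` is a fixed, predictable name in a world-writable directory, while the action reads it back with `cat <tmpfile>` into the mail body and then runs `rm <tmpfile>`, all with Fail2Ban user rights. Any local account can create that path before Fail2Ban does, so the report can carry content Fail2Ban did not write. Suggest defaulting tmpfile to a directory writable only by the Fail2Ban user and saying so in the comment above the option.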
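Review bot: In the actionban of sendmail-whois-lines.conf, `/bin/grep '\<<ip>\>' <logpath>` treats the address as a regular expression, so every dot matches any character and lines belonging to other addresses can land in the report; a fixed-string match such as `grep -wF '<ip>'` (or escaped dots) would restrict it to the banned address. The matched log lines are remote-influenced text and are substituted inside the `echo -en "..."` argument, so backslash sequences in them get interpreted by `-e`; emitting the fixed headers and body separately and piping the grep output through unmodified would avoid that. The default `logpath = /dev/null` also leaves the section silently empty unless the jail passes logpath, which the [Init] comment should state.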
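Review bot: In each of the added sendmail*.conf files the comment block reads `# Option: actionend` while the key below it is `actionstop`, and the [Init] comment `# Defaut name of the chain` is carried over from the iptables actions: these actions have no chain, and "Defaut" is misspelled. Suggest `# Option: actionstop` and something like "Default name of the jail" so the documentation matches the keys it describes.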
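Review bot: In jail.conf only the first hunk (@@ -45,7 +45,7 @@, the SSH jail) passes `sender=` to sendmail-whois; every other converted jail falls back to the action default `sender = fail2ban`. Either pass sender in all the examples or drop it from the SSH one so the examples stay consistent. Two leftovers are worth fixing in the same change: the apache-noscript jail (@@ -149,7 +149,7 @@) still mails with `name=Postfix`, and the ipfw jail (@@ -162,6 +162,6 @@) has `localhost=192.168.0.1` next to `ignoreip = 168.192.0.1`, which looks like transposed octets.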
From: <los...@us...> - 2007-06-25 22:18:44
Revision: 594 http://svn.sourceforge.net/fail2ban/?rev=594&view=rev Author: lostcontrol Date: 2007-06-25 15:18:46 -0700 (Mon, 25 Jun 2007) Log Message: ----------- - Changed location Modified Paths: -------------- branches/FAIL2BAN-0_8/.pydevproject Modified: branches/FAIL2BAN-0_8/.pydevproject =================================================================== --- branches/FAIL2BAN-0_8/.pydevproject 2007-06-25 21:59:38 UTC (rev 593) +++ branches/FAIL2BAN-0_8/.pydevproject 2007-06-25 22:18:46 UTC (rev 594) @@ -4,9 +4,9 @@ <pydev_project> <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.4</pydev_property> <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH"> -<path>/fail2ban-unstable/client</path> -<path>/fail2ban-unstable/server</path> -<path>/fail2ban-unstable/testcases</path> -<path>/fail2ban-unstable</path> +<path>/fail2ban-0.8/client</path> +<path>/fail2ban-0.8/server</path> +<path>/fail2ban-0.8/testcases</path> +<path>/fail2ban-0.8</path> </pydev_pathproperty> </pydev_project> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
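Review bot: The four `<path>` entries under `org.python.pydev.PROJECT_SOURCE_PATH` hard-code the project name (`/fail2ban-0.8/...`), so this file needs another edit for every branch or local rename, and the log message "Changed location" does not say which location changed or why. Consider keeping .pydevproject out of the repository or noting in the log message that the paths track the Eclipse project name for this branch.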