Menu
▾
▴
fail2ban-commit
|
From: <los...@us...> - 2006-12-18 22:33:10
|
Revision: 494
http://svn.sourceforge.net/fail2ban/?rev=494&view=rev
Author: lostcontrol
Date: 2006-12-18 14:33:01 -0800 (Mon, 18 Dec 2006)
Log Message:
-----------
- Fixed some comments
Modified Paths:
--------------
trunk/config/action.d/dummy.conf
trunk/config/action.d/hostsdeny.conf
trunk/config/action.d/ipfw.conf
trunk/config/action.d/iptables.conf
trunk/config/action.d/mail-whois.conf
trunk/config/action.d/mail.conf
trunk/config/action.d/shorewall.conf
trunk/config/fail2ban.conf
trunk/config/jail.conf
Modified: trunk/config/action.d/dummy.conf
===================================================================
--- trunk/config/action.d/dummy.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/dummy.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -7,26 +7,26 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = touch /tmp/fail2ban.dummy
echo "<init>" >> /tmp/fail2ban.dummy
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = rm -f /tmp/fail2ban.dummy
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -36,7 +36,7 @@
#
actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
Modified: trunk/config/action.d/hostsdeny.conf
===================================================================
--- trunk/config/action.d/hostsdeny.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/hostsdeny.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -7,25 +7,25 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = touch <tmpfile>
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = rm -f <tmpfile>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -36,7 +36,7 @@
actionban = IP=<ip> &&
echo "ALL: $IP" >> <file>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
Modified: trunk/config/action.d/ipfw.conf
===================================================================
--- trunk/config/action.d/ipfw.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/ipfw.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -8,28 +8,28 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -37,10 +37,10 @@
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = ipfw add deny tcp from <ip> to <localhost> <port>
+actionban = ipaction add deny tcp from <ip> to <localhost> <port>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -48,7 +48,7 @@
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
+actionunban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
[Init]
Modified: trunk/config/action.d/iptables.conf
===================================================================
--- trunk/config/action.d/iptables.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/iptables.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -7,7 +7,7 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
@@ -15,7 +15,7 @@
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -23,13 +23,13 @@
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -39,7 +39,7 @@
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
Modified: trunk/config/action.d/mail-whois.conf
===================================================================
--- trunk/config/action.d/mail-whois.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/mail-whois.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -7,7 +7,7 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
@@ -16,7 +16,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -25,13 +25,13 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -47,7 +47,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
Modified: trunk/config/action.d/mail.conf
===================================================================
--- trunk/config/action.d/mail.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/mail.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -7,7 +7,7 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
@@ -16,7 +16,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -25,13 +25,13 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -45,7 +45,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
Modified: trunk/config/action.d/shorewall.conf
===================================================================
--- trunk/config/action.d/shorewall.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/action.d/shorewall.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -7,25 +7,25 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =
-# Option: fwend
+# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -35,7 +35,7 @@
#
actionban = shorewall reject <ip>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
Modified: trunk/config/fail2ban.conf
===================================================================
--- trunk/config/fail2ban.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/fail2ban.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -25,8 +25,9 @@
logtarget = /var/log/fail2ban.log
# Option: socket
-# Notes.: Set the socket file. This is used to communication with the
-# daemon.
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+# not remove this file when Fail2ban runs. It will not be possible to
+# communicate with the server afterwards.
# Values: FILE Default: /tmp/fail2ban.sock
#
socket = /tmp/fail2ban.sock
Modified: trunk/config/jail.conf
===================================================================
--- trunk/config/jail.conf 2006-12-18 22:30:30 UTC (rev 493)
+++ trunk/config/jail.conf 2006-12-18 22:33:01 UTC (rev 494)
@@ -10,18 +10,29 @@
[DEFAULT]
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host.
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+# ban a host which matches an address in this list. Several addresses can be
+# defined using space separator.
ignoreip = 127.0.0.1
+
# "bantime" is the number of seconds that a host is banned.
bantime = 600
-# A host is banned if it has generated "maxretry" during the
-# last "findtime" seconds.
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
findtime = 600
+
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
-# options are "gamin", "polling" and "auto".
+# options are "gamin", "polling" and "auto". This option can be overridden in
+# each jail too (use "gamin" for a jail and "polling" for another).
+#
+# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
+# is not installed, Fail2ban will use polling.
+# polling: uses a polling algorithm which does not require external libraries.
+# auto: will choose Gamin if available and polling otherwise.
backend = auto
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2007-01-04 12:21:45
|
Revision: 510
http://svn.sourceforge.net/fail2ban/?rev=510&view=rev
Author: lostcontrol
Date: 2007-01-04 04:21:44 -0800 (Thu, 04 Jan 2007)
Log Message:
-----------
- Added missing svn:keywords
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko
Modified Paths:
--------------
trunk/config/action.d/ipfw.conf
trunk/config/action.d/mail-whois.conf
trunk/config/action.d/mail.conf
trunk/config/action.d/shorewall.conf
trunk/config/filter.d/apache-noscript.conf
trunk/config/filter.d/courierlogin.conf
trunk/config/filter.d/couriersmtp.conf
trunk/config/filter.d/exim.conf
trunk/config/filter.d/postfix.conf
trunk/config/filter.d/proftpd.conf
trunk/config/filter.d/qmail.conf
trunk/config/filter.d/sasl.conf
trunk/config/filter.d/sshd.conf
Added Paths:
-----------
trunk/config/filter.d/sshd-ddos.conf
Property Changed:
----------------
trunk/config/action.d/ipfw.conf
trunk/config/action.d/mail-whois.conf
trunk/config/action.d/mail.conf
trunk/config/action.d/shorewall.conf
trunk/config/filter.d/apache-noscript.conf
trunk/config/filter.d/courierlogin.conf
trunk/config/filter.d/couriersmtp.conf
trunk/config/filter.d/exim.conf
trunk/config/filter.d/postfix.conf
trunk/config/filter.d/proftpd.conf
trunk/config/filter.d/qmail.conf
trunk/config/filter.d/sasl.conf
Modified: trunk/config/action.d/ipfw.conf
===================================================================
--- trunk/config/action.d/ipfw.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/action.d/ipfw.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -3,7 +3,7 @@
# Author: Nick Munger
# Modified by: Cyril Jaquier
#
-# $Revision: 254 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/action.d/ipfw.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/action.d/mail-whois.conf
===================================================================
--- trunk/config/action.d/mail-whois.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/action.d/mail-whois.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 254 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/action.d/mail-whois.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/action.d/mail.conf
===================================================================
--- trunk/config/action.d/mail.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/action.d/mail.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 254 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/action.d/mail.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/action.d/shorewall.conf
===================================================================
--- trunk/config/action.d/shorewall.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/action.d/shorewall.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 394 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/action.d/shorewall.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/apache-noscript.conf
===================================================================
--- trunk/config/filter.d/apache-noscript.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/apache-noscript.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 394 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/apache-noscript.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/courierlogin.conf
===================================================================
--- trunk/config/filter.d/courierlogin.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/courierlogin.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -3,7 +3,7 @@
# Author: Christoph Haas
# Modified by: Cyril Jaquier
#
-# $Revision: 267 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/courierlogin.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/couriersmtp.conf
===================================================================
--- trunk/config/filter.d/couriersmtp.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/couriersmtp.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 267 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/couriersmtp.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/exim.conf
===================================================================
--- trunk/config/filter.d/exim.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/exim.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 267 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/exim.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/postfix.conf
===================================================================
--- trunk/config/filter.d/postfix.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/postfix.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 267 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/postfix.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/proftpd.conf
===================================================================
--- trunk/config/filter.d/proftpd.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/proftpd.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 331 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/proftpd.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/qmail.conf
===================================================================
--- trunk/config/filter.d/qmail.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/qmail.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 267 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/qmail.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/sasl.conf
===================================================================
--- trunk/config/filter.d/sasl.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/sasl.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 331 $
+# $Revision$
#
[Definition]
Property changes on: trunk/config/filter.d/sasl.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Added: trunk/config/filter.d/sshd-ddos.conf
===================================================================
--- trunk/config/filter.d/sshd-ddos.conf (rev 0)
+++ trunk/config/filter.d/sshd-ddos.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Property changes on: trunk/config/filter.d/sshd-ddos.conf
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Modified: trunk/config/filter.d/sshd.conf
===================================================================
--- trunk/config/filter.d/sshd.conf 2007-01-04 11:58:58 UTC (rev 509)
+++ trunk/config/filter.d/sshd.conf 2007-01-04 12:21:44 UTC (rev 510)
@@ -14,7 +14,8 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
-failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
+failregex = (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST>
+ ROOT LOGIN REFUSED .*(?: from|FROM) <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
Thanks for helping keep SourceForge clean.
X