Permalink
Browse files

Upgraded to fresh upstream 0.7.7

  • Loading branch information...
2 parents 93125ae + 88d65de commit 018484d985fede0e33f062bfaf52ac13f0cbf755 @yarikoptic yarikoptic committed Oct 16, 2007
View
@@ -4,9 +4,22 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.7.6) 2007/01/04
+Fail2Ban (version 0.7.7) 2007/02/08
=============================================================
+ver. 0.7.7 (2007/02/08) - release candidate
+----------
+- Added signal handling in fail2ban-client
+- Added a wonderful visual effect when waiting on the server
+- fail2ban-client returns an error code if configuration is
+ not valid
+- Added new filters/actions. Thanks to Yaroslav Halchenko
+- Call Python interpreter directly (instead of using "env")
+- Added file support to fail2ban-regex. Benchmark feature has
+ been removed
+- Added cacti script and template.
+- Added IP list in "status <JAIL>". Thanks to Eric Gerbier
+
ver. 0.7.6 (2007/01/04) - beta
----------
- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
View
@@ -1,6 +1,6 @@
Metadata-Version: 1.0
Name: fail2ban
-Version: 0.7.6
+Version: 0.7.7
Summary: Ban IPs that make too many password failure
Home-page: http://fail2ban.sourceforge.net
Author: Cyril Jaquier
View
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.7.6) 2007/01/04
+Fail2Ban (version 0.7.7) 2007/02/08
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -15,7 +15,7 @@ or Apache web server ones.
This README is a quick introduction to Fail2ban. More
documentation, FAQ, HOWTOs are available on the project
-website: http://fail2ban.sourceforge.net
+website: http://www.fail2ban.org
Installation:
-------------
@@ -28,8 +28,8 @@ Optional:
To install, just do:
-> tar xvfj fail2ban-0.7.6.tar.bz2
-> cd fail2ban-0.7.6
+> tar xvfj fail2ban-0.7.7.tar.bz2
+> cd fail2ban-0.7.7
> python setup.py install
This will install Fail2Ban into /usr/share/fail2ban. The
@@ -53,15 +53,15 @@ You can configure Fail2ban using the files in /etc/fail2ban.
It is possible to configure the server using commands sent to
it by fail2ban-client. The available commands are described
in the man page of fail2ban-client. Please refer to it or to
-the website: http://fail2ban.sourceforge.net
+the website: http://www.fail2ban.org
Contact:
--------
You need some new features, you found bugs or you just
appreciate this program, you can contact me at:
-Website: http://fail2ban.sourceforge.net
+Website: http://www.fail2ban.org
Cyril Jaquier: <lostcontrol@users.sourceforge.net>
@@ -73,7 +73,7 @@ Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber, mEDI, Axel Thimm
+René Berber, mEDI, Axel Thimm, Eric Gerbier
License:
--------
View
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-ToDo $Revision: 509 $
+ToDo $Revision: 540 $
=============================================================
Legend:
@@ -13,6 +13,24 @@ Legend:
# partially done
* done
+- Add timeout to external commands (signal alarm, watchdog
+ thread, etc)
+
+- New backend: pynotify
+
+- Uniformize filters and actions name. Use the software name
+ (openssh, postfix, proftp)
+
+- Added <USER> tag for failregex. Add features using this
+ information
+
+- Look at the memory consumption. Decrease memory usage
+
+- More detailed statistics
+
+- Auto-enable function (search for log files), check
+ modification date to see if service is still in use
+
- Improve parsing of the action parameters in jailreader.py
- Better handling of the protocol in transmitter.py
View
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 504 $
+# $Revision: 537 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision: 537 $"
+__date__ = "$Date: 2007-02-01 21:50:12 +0100 (Thu, 01 Feb 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -70,11 +70,12 @@ def beautify(self, response):
if len(inC) > 1:
msg = "Status for the jail: " + inC[1] + "\n"
msg = msg + "|- " + response[0][0] + "\n"
- msg = msg + "| |- " + response[0][1][0][0] + ":\t\t" + `response[0][1][0][1]` + "\n"
- msg = msg + "| `- " + response[0][1][1][0] + ":\t\t" + `response[0][1][1][1]` + "\n"
+ msg = msg + "| |- " + response[0][1][0][0] + ":\t" + `response[0][1][0][1]` + "\n"
+ msg = msg + "| `- " + response[0][1][1][0] + ":\t" + `response[0][1][1][1]` + "\n"
msg = msg + "`- " + response[1][0] + "\n"
- msg = msg + " |- " + response[1][1][0][0] + ":\t\t" + `response[1][1][0][1]` + "\n"
- msg = msg + " `- " + response[1][1][1][0] + ":\t\t" + `response[1][1][1][1]`
+ msg = msg + " |- " + response[1][1][0][0] + ":\t" + `response[1][1][0][1]` + "\n"
+ msg = msg + " | `- " + response[1][1][2][0] + ":\t" + `response[1][1][2][1]` + "\n"
+ msg = msg + " `- " + response[1][1][1][0] + ":\t" + `response[1][1][1][1]`
else:
msg = "Status\n"
msg = msg + "|- " + response[0][0] + ":\t" + `response[0][1]` + "\n"
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 433 $
+# $Revision: 518 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision: 518 $"
+__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -60,7 +60,7 @@ def getEarlyOptions(self):
def getAllOptions(self):
self.__fail2ban.getOptions()
- self.__jails.getOptions()
+ return self.__jails.getOptions()
def convertToProtocol(self):
self.__streams["general"] = self.__fail2ban.convert()
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 433 $
+# $Revision: 518 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision: 518 $"
+__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -54,6 +54,8 @@ def getOptions(self):
self.__jails.append(jail)
else:
logSys.error("Errors in jail '" + sec + "'. Skipping...")
+ return False
+ return True
def convert(self):
stream = list()
View
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 504 $
+# $Revision: 529 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision: 529 $"
+__date__ = "$Date: 2007-01-29 21:27:51 +0100 (Mon, 29 Jan 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -30,23 +30,23 @@
# Describes the protocol used to communicate with the server.
protocol = [
-['', "Basic", ""],
+['', "BASIC", ""],
["start", "starts the server and the jails"],
["reload", "reloads the configuration"],
["stop", "stops all jails and terminate the server"],
["status", "gets the current status of the server"],
["ping", "tests if the server is alive"],
-['', "Logging", ""],
+['', "LOGGING", ""],
["set loglevel <LEVEL>", "sets logging level to <LEVEL>. 0 is minimal, 4 is debug"],
["get loglevel", "gets the logging level"],
["set logtarget <TARGET>", "sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file"],
["get logtarget", "gets logging target"],
-['', "Jail control", ""],
+['', "JAIL CONTROL", ""],
["add <JAIL> <BACKEND>", "creates <JAIL> using <BACKEND>"],
["start <JAIL>", "starts the jail <JAIL>"],
["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"],
["status <JAIL>", "gets the current status of <JAIL>"],
-['', "Jail configuration", ""],
+['', "JAIL CONFIGURATION", ""],
["set <JAIL> idle on|off", "sets the idle state of <JAIL>"],
["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"],
["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"],
@@ -70,7 +70,7 @@
["set <JAIL> actioncheck <ACT> <CMD>", "sets the check command <CMD> of the action <ACT> for <JAIL>"],
["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"],
-['', "Jail information", ""],
+['', "JAIL INFORMATION", ""],
["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
View
@@ -16,12 +16,12 @@
# Author: Cyril Jaquier
#
-# $Revision: 512 $
+# $Revision: 543 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 512 $"
-__date__ = "$Date: 2007-01-04 13:59:09 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 543 $"
+__date__ = "$Date: 2007-02-08 22:14:01 +0100 (Thu, 08 Feb 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-version = "0.7.6"
+version = "0.7.7"
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+# $Revision: 520 $
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = iptables -N fail2ban-<name>
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+
+# Option: actionend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -F fail2ban-<name>
+ iptables -X fail2ban-<name>
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
Oops, something went wrong.

0 comments on commit 018484d

Please sign in to comment.