Merge commit 'remotes/upstream-repo/tags/FAIL2BAN-0_8_5^' into upstream

* commit 'remotes/upstream-repo/tags/FAIL2BAN-0_8_5^':
  for 0.8.5 release -- changelog + version
  BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
  BF: use os.path.join to generate full path - fixes includes in configs given local filename
  very minor -- uniform indentation in example
  BF: use standard/reserved example.com instead of mail.com
  ENH: Adding author for dovecot filter and prunning unneeded space in the regexp

Conflicts:
	common/version.py -- my added copyright
commit 6c07999157cd903826bac17dd0af743bf4247062 2 parents 93d1583 + 2da1a55
@yarikoptic yarikoptic authored
40 ChangeLog
@@ -4,9 +4,47 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.5) 2011/07/28
================================================================================
+ver. 0.8.5 (2011/07/28) - stable
+----------
+- Fix: use addfailregex instead of failregex while processing per-jail
+ "failregex" parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
+ Marat Khayrullin for the patch and Daniel T Chen for forwarding to
+ Debian.
+- Fix: use os.path.join to generate full path - fixes includes in configs
+ given local filename (5 weeks ago) [yarikoptic]
+- Fix: allowed for trailing spaces in proftpd logs
+- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
+- Fix: allowed space in the trailing of failregex for sasl.conf:
+ see http://bugs.debian.org/573314
+- Fix: use /var/run/fail2ban instead of /tmp for temp files in actions:
+ see http://bugs.debian.org/544232
+- Fix: Tai64N stores time in GMT, needed to convert to local time before
+ returning
+- Fix: disabled named-refused-udp jail entirely with a big fat warning
+- Fix: added time module. Bug reported in buanzo's blog:
+ see http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
+- Fix: Patch to make log file descriptors cloexec to stop leaking file
+ descriptors on fork/exec. Thanks to Jonathan Underwood:
+ see https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
+- Enhancement: added author for dovecot filter and pruned unneeded space
+ in the regexp
+- Enhancement: proftpd filter -- if login failed -- count regardless of the
+ reason for failure
+- Enhancement: added <chain> to action.d/iptables*. Thanks to Matthijs Kooijman:
+ see http://bugs.debian.org/515599
+- Enhancement: added filter.d/dovecot.conf from Martin Waschbuesch
+- Enhancement: made filter.d/apache-overflows.conf catch more:
+ see http://bugs.debian.org/574182
+- Enhancement: added dropbear filter from Francis Russell and Zak B. Elep:
+ see http://bugs.debian.org/546913
+- Enhancement: changed default ignoreip to ignore entire loopback zone (/8):
+ see http://bugs.debian.org/598200
+- Minor: spell-checked jail.conf. Thanks to Christoph Anton Mitterer
+- Few minor cosmetic changes
+
ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of
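--- a/README
+++ b/README
@@ -4,7 +4,7 @@
 |_| \__,_|_|_/___|_.__/\__,_|_||_|
 ================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.5) 2011/07/26
 ================================================================================
 Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many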
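--- a/client/configparserinc.py
+++ b/client/configparserinc.py
@@ -43,7 +43,7 @@ class SafeConfigParserWithIncludes(SafeConfigParser):
 [INCLUDES]
 before = 1.conf
- 3.conf
+ 3.conf
 after = 1.conf
@@ -54,8 +54,8 @@ class SafeConfigParserWithIncludes(SafeConfigParser):
 the tree.
 I wasn't sure what would be the right way to implement generic (aka c++
- template) so we could base at any *configparser class... so I will
- leave it for the future
+ template) so we could base at any *configparser class... so I will
+ leave it for the future
 """
@@ -86,7 +86,7 @@ def getIncludes(resource, seen = []):
 if os.path.isabs(newResource):
 r = newResource
 else:
- r = "%s/%s" % (resourceDir, newResource)
+ r = os.path.join(resourceDir, newResource)
 if r in seen:
 continue
 s = seen + [resource]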
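Review bot: The cycle check `if r in seen` in the getIncludes hunk compares paths exactly as they are spelled, so an include written as `./b.conf` or through `..` is not recognised as already visited; two files that include each other that way would presumably recurse until the interpreter's recursion limit is hit. Normalising before the comparison closes this: `r = os.path.normpath(os.path.join(resourceDir, newResource))`, with the absolute branch passed through `os.path.normpath` as well. The absolute-path branch also takes any file the process can read, and since includes decide which filters and actions get loaded, a comment stating that the config directories must be writable only by the administrator would be worth adding. getIncludes starts and continues outside this hunk, so how `resourceDir` and the initial `seen` are built is inferred.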
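--- a/client/jailreader.py
+++ b/client/jailreader.py
@@ -120,7 +120,7 @@ def convert(self):
 elif opt == "bantime":
 stream.append(["set", self.__name, "bantime", self.__opts[opt]])
 elif opt == "failregex":
- stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+ stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
 elif opt == "ignoreregex":
 for regex in self.__opts[opt].split('\n'):
 # Do not send a command if the rule is empty.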
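Review bot: The `failregex` branch sends the whole option value as a single `addfailregex` command, while the `ignoreregex` branch right below it splits the value on newlines and skips empty rules. A jail that lists several failregex lines would then register them as one multi-line pattern, which most likely never matches a log line, so the jail would stop banning without any error. Mirroring the ignoreregex handling avoids that: `for regex in self.__opts[opt].split('\n'):` then `if regex != '':` and `stream.append(["set", self.__name, "addfailregex", regex])`. convert() starts and ends outside this hunk, and the server-side handling of `addfailregex` is not visible here, so the multi-line behaviour should be confirmed with a test jail.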
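--- a/common/version.py
+++ b/common/version.py
@@ -21,7 +21,7 @@
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision: 754 $"
 __date__ = "$Date: 2009-09-07 21:13:45 +0200 (Mon, 07 Sep 2009) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011 Yaroslav Halchenko"
 __license__ = "GPL"
-version = "0.8.4-SVN"
+version = "0.8.5"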
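--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -1,6 +1,6 @@
 # Fail2Ban configuration file for dovcot
 #
-# Author:
+# Author: Martin Waschbuesch
 #
 # $Revision: $
 #
@@ -14,7 +14,7 @@
 # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.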
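Review bot: The host capture `rip=(?P<host>\S*)` in the new `failregex` accepts an empty string or any run of non-space text, while the comment just above it shows the stricter standard host pattern `(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)` that the `<HOST>` tag stands for. The expression also opens with an unanchored `.*`, and dovecot login lines typically carry the client-supplied user name, so a loose capture raises the chance that text from a login attempt is taken as the address to ban; writing `rip=<HOST>,` narrows that. A comment above `failregex` with one sample log line the pattern is meant to match would make edits like this space removal easier to verify.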
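--- a/config/jail.conf
+++ b/config/jail.conf
@@ -45,7 +45,7 @@ backend = auto
 enabled = false
 filter = sshd
 action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
+ sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
 logpath = /var/log/sshd.log
 maxretry = 5
@@ -54,7 +54,7 @@ maxretry = 5
 enabled = false
 filter = proftpd
 action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, dest=you@mail.com]
+ sendmail-whois[name=ProFTPD, dest=you@example.com]
 logpath = /var/log/proftpd/proftpd.log
 maxretry = 6
@@ -66,7 +66,7 @@ enabled = false
 filter = sasl
 backend = polling
 action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, dest=you@mail.com]
+ sendmail-whois[name=sasl, dest=you@example.com]
 logpath = /var/log/mail.log
 # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@@ -77,7 +77,7 @@ logpath = /var/log/mail.log
 enabled = false
 filter = sshd
 action = hostsdeny
- sendmail-whois[name=SSH, dest=you@mail.com]
+ sendmail-whois[name=SSH, dest=you@example.com]
 ignoreregex = for myuser from
 logpath = /var/log/sshd.log
@@ -101,7 +101,7 @@ maxretry = 6
 enabled = false
 filter = postfix
 action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, dest=you@mail.com]
+ sendmail[name=Postfix, dest=you@example.com]
 logpath = /var/log/postfix.log
 bantime = 300
@@ -112,7 +112,7 @@ bantime = 300
 enabled = false
 filter = vsftpd
-action = sendmail-whois[name=VSFTPD, dest=you@mail.com]
+action = sendmail-whois[name=VSFTPD, dest=you@example.com]
 logpath = /var/log/vsftpd.log
 maxretry = 5
 bantime = 1800
@@ -124,7 +124,7 @@ bantime = 1800
 enabled = false
 filter = vsftpd
 action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=VSFTPD, dest=you@mail.com]
+ sendmail-whois[name=VSFTPD, dest=you@example.com]
 logpath = /var/log/vsftpd.log
 maxretry = 5
 bantime = 1800
@@ -137,7 +137,7 @@ bantime = 1800
 enabled = false
 filter = apache-badbots
 action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
+ sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
 logpath = /var/www/*/logs/access_log
 bantime = 172800
 maxretry = 1
@@ -149,7 +149,7 @@ maxretry = 1
 enabled = false
 filter = apache-noscript
 action = shorewall
- sendmail[name=Postfix, dest=you@mail.com]
+ sendmail[name=Postfix, dest=you@example.com]
 logpath = /var/log/apache2/error_log
 # Ban attackers that try to use PHP's URL-fopen() functionality
@@ -190,7 +190,7 @@ maxretry = 2
 enabled = false
 filter = sshd
 action = ipfw[localhost=192.168.0.1]
- sendmail-whois[name="SSH,IPFW", dest=you@mail.com]
+ sendmail-whois[name="SSH,IPFW", dest=you@example.com]
 logpath = /var/log/auth.log
 ignoreip = 168.192.0.1
@@ -224,7 +224,7 @@ ignoreip = 168.192.0.1
 # enabled = false
 # filter = named-refused
 # action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
-# sendmail-whois[name=Named, dest=you@mail.com]
+# sendmail-whois[name=Named, dest=you@example.com]
 # logpath = /var/log/named/security.log
 # ignoreip = 168.192.0.1
@@ -235,7 +235,7 @@ ignoreip = 168.192.0.1
 enabled = false
 filter = named-refused
 action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, dest=you@mail.com]
+ sendmail-whois[name=Named, dest=you@example.com]
 logpath = /var/log/named/security.log
 ignoreip = 168.192.0.1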
2  files/nagios/check_fail2ban 100644 → 100755
@@ -99,7 +99,7 @@ elif [ $final_exit -ne "0" ]; then
# put a txt file on your server and describe how to fix the issue, this
# could be attached to the mail.
######################################################################
-# mutt -s "FAIL2BAN NOT WORKING" your@email.com < /home/f2ban.txt
+# mutt -s "FAIL2BAN NOT WORKING" your@example.com < /home/f2ban.txt
exitstatus=$STATE_CRITICAL
fi