Merge c656cb0 into b3ed19b

ChangeLog

@@ -26,6 +26,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
      with new default variable `banaction_allports` (gh-1216)
    * Fixed `fail2ban-regex` stops working on invalid (wrong encoded) character
      for python version < 3.x (gh-1248)
+   * Use postfix_log logpath for postfix-rbl jail
 
 - New Features:
    * New interpolation feature for definition config readers - `<known/parameter>`
@@ -54,6 +55,10 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
    * Enhance filter against atacker's Googlebot PTR fake records
      (gh-1226)
    * Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
+   * Added filter for openhab domotic software authentication failure with the
+     rest api and web interface (gh-1223)
+   * Add *_backend options for services to allow distros to set the default
+     backend per service, set default to systemd for Fedora as appropriate
 
 ver. 0.9.3 (2015/08/01) - lets-all-stay-friends
 ----------

config/jail.conf

@@ -217,6 +217,7 @@ action = %(action_)s
 
 port    = ssh
 logpath = %(sshd_log)s
+backend = %(sshd_backend)s
 
 
 [sshd-ddos]
@@ -225,12 +226,14 @@ logpath = %(sshd_log)s
 # in the body.
 port    = ssh
 logpath = %(sshd_log)s
+backend = %(sshd_backend)s
 
 
 [dropbear]
 
 port     = ssh
 logpath  = %(dropbear_log)s
+backend  = %(dropbear_backend)s
 
 
 [selinux-ssh]
@@ -408,6 +411,7 @@ maxretry = 5
 
 port     = http,https
 logpath  = %(syslog_daemon)s
+backend  = %(syslog_backend)s
 
 [guacamole]
 
@@ -425,12 +429,14 @@ logpath  = /var/log/monit
 
 port    = 10000
 logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
 
 
 [froxlor-auth]
 
 port    = http,https
 logpath  = %(syslog_authpriv)s
+backend  = %(syslog_backend)s
 
 
 #
@@ -459,26 +465,30 @@ logpath = /var/log/3proxy.log
 
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(proftpd_log)s
+backend  = %(proftpd_backend)s
 
 
 [pure-ftpd]
 
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(pureftpd_log)s
+backend  = %(pureftpd_backend)s
 maxretry = 6
 
 
 [gssftpd]
 
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(syslog_daemon)s
+backend  = %(syslog_backend)s
 maxretry = 6
 
 
 [wuftpd]
 
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(wuftpd_log)s
+backend  = %(wuftpd_backend)s
 maxretry = 6
 
 
@@ -506,31 +516,36 @@ logpath  = /root/path/to/assp/logs/maillog.txt
 
 port     = smtp,465,submission
 logpath  = %(syslog_mail)s
+backend  = %(syslog_backend)s
 
 
 [postfix]
 
 port     = smtp,465,submission
 logpath  = %(postfix_log)s
+backend  = %(postfix_backend)s
 
 
 [postfix-rbl]
 
 port     = smtp,465,submission
-logpath  = %(syslog_mail)s
+logpath  = %(postfix_log)s
+backend  = %(postfix_backend)s
 maxretry = 1
 
 
 [sendmail-auth]
 
 port    = submission,465,smtp
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 
 
 [sendmail-reject]
 
 port     = smtp,465,submission
 logpath  = %(syslog_mail)s
+backend  = %(syslog_backend)s
 
 
 [qmail-rbl]
@@ -546,12 +561,14 @@ logpath = /service/qmail/log/main/current
 
 port    = pop3,pop3s,imap,imaps,submission,465,sieve
 logpath = %(dovecot_log)s
+backend = %(dovecot_backend)s
 
 
 [sieve]
 
 port   = smtp,465,submission
 logpath = %(dovecot_log)s
+backend = %(dovecot_backend)s
 
 
 [solid-pop3d]
@@ -587,6 +604,7 @@ logpath = /opt/kerio/mailserver/store/logs/security.log
 
 port     = smtp,465,submission,imap3,imaps,pop3,pop3s
 logpath  = %(syslog_mail)s
+backend  = %(syslog_backend)s
 
 
 [postfix-sasl]
@@ -596,12 +614,14 @@ port     = smtp,465,submission,imap3,imaps,pop3,pop3s
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
 logpath  = %(postfix_log)s
+backend  = %(postfix_backend)s
 
 
 [perdition]
 
 port   = imap3,imaps,pop3,pop3s
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 
 
 [squirrelmail]
@@ -614,12 +634,14 @@ logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
 
 port   = imap3,imaps
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 
 
 [uwimap-auth]
 
 port   = imap3,imaps
 logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
 
 
 #
@@ -701,6 +723,7 @@ maxretry = 10
 
 port     = 3306
 logpath  = %(mysql_log)s
+backend  = %(mysql_backend)s
 maxretry = 5
 
 
@@ -727,12 +750,14 @@ maxretry = 5
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 banaction = %(banaction_allports)s
 logpath  = %(syslog_authpriv)s
+backend  = %(syslog_backend)s
 
 
 [xinetd-fail]
 
 banaction = iptables-multiport-log
 logpath   = %(syslog_daemon)s
+backend   = %(syslog_backend)s
 maxretry  = 2
 
 
@@ -763,6 +788,7 @@ action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp
 
 enabled  = false
 logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
+backend  = %(syslog_backend)s
 maxretry = 1
 
 

config/paths-common.conf

@@ -7,9 +7,13 @@ after  = paths-overrides.local
 
 [DEFAULT]
 
+default_backend = auto
+
 sshd_log = %(syslog_authpriv)s
+sshd_backend = %(default_backend)s
 
 dropbear_log = %(syslog_authpriv)s
+dropbear_backend = %(default_backend)s
 
 # There is no sensible generic defaults for syslog log targets, thus
 # leaving them empty here so that no errors while parsing/interpolating configs
@@ -18,6 +22,8 @@ syslog_ftp =
 syslog_local0 =
 syslog_mail_warn =
 syslog_user =
+# Set the default syslog backend target to default_backend
+syslog_backend = %(default_backend)s
 
 # from /etc/audit/auditd.conf
 auditd_log = /var/log/audit/audit.log
@@ -38,14 +44,17 @@ suhosin_log = %(syslog_user)s %(lighttpd_error_log)s
 
 # defaults to ftp or local2 if ftp doesn't exist
 proftpd_log = %(syslog_ftp)s
+proftpd_backend = %(default_backend)s
 
 # http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
 # defaults to ftp but can be overwritten.
 pureftpd_log = %(syslog_ftp)s
+pureftpd_backend = %(default_backend)s
 
 # ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
 #
 wuftpd_log = %(syslog_ftp)s
+wuftpd_backend = %(default_backend)s
 
 # syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
 # No distro seems to set it to syslog by default
@@ -54,13 +63,16 @@ vsftpd_log = /var/log/vsftpd.log
 
 # Technically syslog_facility in main.cf can overwrite but no-one sane does this.
 postfix_log = %(syslog_mail_warn)s
+postfix_backend = %(default_backend)s
 
 dovecot_log = %(syslog_mail_warn)s
+dovecot_backend = %(default_backend)s
 
 # Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
 solidpop3d_log = %(syslog_local0)s
 
 mysql_log = %(syslog_daemon)s
+mysql_backend = %(default_backend)s
 
 roundcube_errors_log = /var/log/roundcube/errors
 

config/paths-fedora.conf

@@ -37,3 +37,15 @@ exim_main_log = /var/log/exim/main.log
 mysql_log = /var/lib/mysql/mysqld.log
 
 roundcube_errors_log = /var/log/roundcubemail/errors
+
+# These services will log to the journal via syslog, so use the journal by
+# default.
+syslog_backend = systemd
+sshd_backend = systemd
+dropbear_backend = systemd
+proftpd_backend = systemd
+pureftpd_backend = systemd
+wuftpd_backend = systemd
+postfix_backend = systemd
+dovecot_backend = systemd
+mysql_backend = systemd