Imported upstream version 0.8.2

commit c38fe3a8e3b817787cebcd7a9902af9a57f8eea6 1 parent bce05a1
@yarikoptic yarikoptic authored
Showing with 1,377 additions and 1,137 deletions.
  1. +38 −1 CHANGELOG → ChangeLog
  2. +3 −3 PKG-INFO
  3. +7 −6 README
  4. +1 −8 TODO
  5. +8 −3 client/beautifier.py
  6. +108 −0 client/configparserinc.py
  7. +12 −10 client/configreader.py
  8. +11 −9 client/configurator.py
  9. +6 −5 client/csocket.py
  10. +6 −5 client/jailreader.py
  11. +21 −7 client/jailsreader.py
  12. +5 −6 common/protocol.py
  13. +4 −4 common/version.py
  14. +3 −3 config/action.d/hostsdeny.conf
  15. +4 −4 config/action.d/ipfw.conf
  16. +2 −2 config/action.d/iptables-allports.conf
  17. +78 −0 config/action.d/iptables-multiport-log.conf
  18. +2 −2 config/action.d/iptables-multiport.conf
  19. +2 −2 config/action.d/iptables-new.conf
  20. +2 −2 config/action.d/iptables.conf
  21. +7 −7 config/action.d/mail-buffered.conf
  22. +10 −10 config/action.d/mail-whois-lines.conf
  23. +5 −5 config/action.d/mail-whois.conf
  24. +5 −5 config/action.d/mail.conf
  25. +7 −7 config/action.d/sendmail-buffered.conf
  26. +5 −5 config/action.d/sendmail-whois-lines.conf
  27. +5 −5 config/action.d/sendmail-whois.conf
  28. +5 −5 config/action.d/sendmail.conf
  29. +12 −4 config/action.d/shorewall.conf
  30. +3 −3 config/fail2ban.conf
  31. +3 −1 config/filter.d/apache-badbots.conf
  32. +2 −2 config/filter.d/apache-noscript.conf
  33. +20 −0 config/filter.d/apache-overflows.conf
  34. +41 −0 config/filter.d/common.conf
  35. +4 −7 config/filter.d/named-refused.conf
  36. +5 −3 config/filter.d/proftpd.conf
  37. +18 −7 config/filter.d/sshd.conf
  38. +2 −2 config/filter.d/vsftpd.conf
  39. +30 −0 config/filter.d/xinetd-fail.conf
  40. +9 −9 config/jail.conf
  41. +45 −17 fail2ban-client
  42. +20 −15 fail2ban-regex
  43. +12 −9 fail2ban-server
  44. +3 −3 files/cacti/README
  45. +19 −0 files/macosx-initd
  46. +11 −19 man/fail2ban-client.1
  47. +5 −5 man/fail2ban-regex.1
  48. +5 −5 man/fail2ban-server.1
  49. +8 −5 server/action.py
  50. +155 −0 server/asyncserver.py
  51. +6 −5 server/banmanager.py
  52. +0 −50 server/banticket.py
  53. +32 −57 server/datedetector.py
  54. +0 −44 server/dateepoch.py
  55. +0 −84 server/datestrptime.py
  56. +0 −46 server/datetai64n.py
  57. +111 −16 server/datetemplate.py
  58. +4 −4 server/failmanager.py
  59. +75 −5 server/failregex.py
  60. +0 −37 server/failticket.py
  61. +206 −197 server/filter.py
  62. +11 −11 server/filtergamin.py
  63. +12 −12 server/filterpoll.py
  64. +9 −6 server/mytime.py
  65. +0 −93 server/regex.py
  66. +40 −31 server/server.py
  67. +0 −136 server/ssocket.py
  68. +28 −4 server/ticket.py
  69. +3 −15 server/transmitter.py
  70. +5 −5 setup.py
  71. +5 −5 testcases/banmanagertestcase.py
  72. +15 −15 testcases/datedetectortestcase.py
  73. +5 −6 testcases/failmanagertestcase.py
  74. +6 −6 testcases/filtertestcase.py
39 CHANGELOG → ChangeLog
@@ -4,9 +4,46 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.8.1) 2007/08/14
+Fail2Ban (version 0.8.2) 2008/03/06
=============================================================
+ver. 0.8.2 (2008/03/06) - stable
+----------
+- Fixed named filter. Thanks to Yaroslav Halchenko
+- Fixed wrong path for apache-auth in jail.conf. Thanks to
+ Vincent Deffontaines
+- Fixed timezone bug with epoch date template. Thanks to
+ Michael Hanselmann
+- Added "full line failregex" patch. Thanks to Yaroslav
+ Halchenko. It will be possible to create stronger failregex
+ against log injection
+- Fixed ipfw action script. Thanks to Nick Munger
+- Removed date from logging message when using SYSLOG. Thanks
+ to Iain Lea
+- Fixed "ignore IPs". Only the first value was taken into
+ account. Thanks to Adrien Clerc
+- Moved socket to /var/run/fail2ban.
+- Rewrote the communication server.
+- Refactoring. Reduced number of files.
+- Removed Python 2.4. Minimum required version is now Python
+ 2.3.
+- New log rotation detection algorithm.
+- Print monitored files in status.
+- Create a PID file in /var/run/fail2ban/. Thanks to Julien
+ Perez.
+- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed
+ this out. Thanks to Yaroslav Halchenko for the fix.
+- "reload <jail>" reloads a single jail and the parameters in
+ fail2ban.conf.
+- Added Mac OS/X startup script. Thanks to Bill Heaton.
+- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
+- Replaced "echo" with "printf" in actions. Fix #1839673
+- Replaced "reject" with "drop" in shorwall action. Fix
+ #1854875
+- Fixed Debian bug #456567, #468477, #462060, #461426
+- readline is now optional in fail2ban-client (not needed in
+ fail2ban-server).
+
ver. 0.8.1 (2007/08/14) - stable
----------
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
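Review bot: The entry "Removed Python 2.4. Minimum required version is now Python 2.3." reads as if Python 2.4 support was dropped, while its second sentence and the README change in this commit (>=python-2.4 to >=python-2.3) lower the requirement; reword it to something like "Removed dependency on Python 2.4". In the same block, "shorwall action" should read "shorewall", and the "full line failregex" entry would help administrators more if it named the filters that were tightened against log injection.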
6 PKG-INFO
@@ -1,10 +1,10 @@
Metadata-Version: 1.0
Name: fail2ban
-Version: 0.8.1
+Version: 0.8.2
Summary: Ban IPs that make too many password failure
-Home-page: http://fail2ban.sourceforge.net
+Home-page: http://www.fail2ban.org
Author: Cyril Jaquier
-Author-email: lostcontrol@users.sourceforge.net
+Author-email: cyril.jaquier@fail2ban.org
License: GPL
Description:
Fail2Ban scans log files like /var/log/pwdfail or
13 README
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.8.1) 2007/08/14
+Fail2Ban (version 0.8.2) 2008/03/06
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -21,15 +21,15 @@ Installation:
-------------
Required:
- >=python-2.4 (http://www.python.org)
+ >=python-2.3 (http://www.python.org)
Optional:
>=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin)
To install, just do:
-> tar xvfj fail2ban-0.8.1.tar.bz2
-> cd fail2ban-0.8.1
+> tar xvfj fail2ban-0.8.2.tar.bz2
+> cd fail2ban-0.8.2
> python setup.py install
This will install Fail2Ban into /usr/share/fail2ban. The
@@ -62,7 +62,7 @@ appreciate this program, you can contact me at:
Website: http://www.fail2ban.org
-Cyril Jaquier: <lostcontrol@users.sourceforge.net>
+Cyril Jaquier: <cyril.jaquier@fail2ban.org>
Thanks:
-------
@@ -75,7 +75,8 @@ Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch,
Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner,
Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
-Delvit, Vaclav Misek
+Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann,
+Vincent Deffontaines, Bill Heaton and many others.
License:
--------
9 TODO
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-ToDo $Revision: 557 $
+ToDo $Revision: 653 $
=============================================================
Legend:
@@ -15,9 +15,6 @@ Legend:
- Removed relative imports
-- Discuss where Fail2ban should be installed (/usr/share,
- /usr/lib/python/site-packages/, etc)
-
- Cleanup fail2ban-client and fail2ban-server. Move code to
server/ and client/
@@ -45,12 +42,8 @@ Legend:
- Add gettext support (I18N)
-- Fix the cPickle issue with Python 2.5
-
- Multiline log reading
-- Improve communication. (asyncore, asynchat??)
-
- Improve execution of action. Why does subprocess.call
deadlock with multi-jails?
11 client/beautifier.py
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 547 $
+# $Revision: 644 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 547 $"
-__date__ = "$Date: 2007-02-12 00:21:56 +0100 (Mon, 12 Feb 2007) $"
+__version__ = "$Revision: 644 $"
+__date__ = "$Date: 2008-01-15 00:12:21 +0100 (Tue, 15 Jan 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -72,9 +72,14 @@ def beautify(self, response):
ipList = ""
for ip in response[1][1][2][1]:
ipList += ip + " "
+ # Creates file list.
+ fileList = ""
+ for f in response[0][1][2][1]:
+ fileList += f + " "
# Display information
msg = "Status for the jail: " + inC[1] + "\n"
msg = msg + "|- " + response[0][0] + "\n"
+ msg = msg + "| |- " + response[0][1][2][0] + ":\t" + fileList + "\n"
msg = msg + "| |- " + response[0][1][0][0] + ":\t" + `response[0][1][0][1]` + "\n"
msg = msg + "| `- " + response[0][1][1][0] + ":\t" + `response[0][1][1][1]` + "\n"
msg = msg + "`- " + response[1][0] + "\n"
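Review bot: The new file list is read positionally from response[0][1][2], so a status reply that carries only the two existing entries under response[0][1] raises IndexError before anything is printed; check the length, or catch the error and fall back to the previous output. The loop that builds fileList can also be written as " ".join(response[0][1][2][1]), which applies equally to the ipList loop above it.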
108 client/configparserinc.py
@@ -0,0 +1,108 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Yaroslav Halchenko
+# Modified: Cyril Jaquier
+# $Revision: 656 $
+
+__author__ = 'Yaroslav Halhenko'
+__revision__ = '$Revision: $'
+__date__ = '$Date: $'
+__copyright__ = 'Copyright (c) 2007 Yaroslav Halchenko'
+__license__ = 'GPL'
+
+import logging, os
+from ConfigParser import SafeConfigParser
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class SafeConfigParserWithIncludes(SafeConfigParser):
+ """
+ Class adds functionality to SafeConfigParser to handle included
+ other configuration files (or may be urls, whatever in the future)
+
+ File should have section [includes] and only 2 options implemented
+ are 'files_before' and 'files_after' where files are listed 1 per
+ line.
+
+ Example:
+
+[INCLUDES]
+before = 1.conf
+ 3.conf
+
+after = 1.conf
+
+ It is a simple implementation, so just basic care is taken about
+ recursion. Includes preserve right order, ie new files are
+ inserted to the list of read configs before original, and their
+ includes correspondingly so the list should follow the leaves of
+ the tree.
+
+ I wasn't sure what would be the right way to implement generic (aka c++
+ template) so we could base at any *configparser class... so I will
+ leave it for the future
+
+ """
+
+ SECTION_NAME = "INCLUDES"
+
+ #@staticmethod
+ def getIncludes(resource, seen = []):
+ """
+ Given 1 config resource returns list of included files
+ (recursively) with the original one as well
+ Simple loops are taken care about
+ """
+
+ # Use a short class name ;)
+ SCPWI = SafeConfigParserWithIncludes
+
+ parser = SafeConfigParser()
+ parser.read(resource)
+
+ resourceDir = os.path.dirname(resource)
+
+ newFiles = [ ('before', []), ('after', []) ]
+ if SCPWI.SECTION_NAME in parser.sections():
+ for option_name, option_list in newFiles:
+ if option_name in parser.options(SCPWI.SECTION_NAME):
+ newResources = parser.get(SCPWI.SECTION_NAME, option_name)
+ for newResource in newResources.split('\n'):
+ if os.path.isabs(newResource):
+ r = newResource
+ else:
+ r = "%s/%s" % (resourceDir, newResource)
+ if r in seen:
+ continue
+ s = seen + [resource]
+ option_list += SCPWI.getIncludes(r, s)
+ # combine lists
+ return newFiles[0][1] + [resource] + newFiles[1][1]
+ #print "Includes list for " + resource + " is " + `resources`
+ getIncludes = staticmethod(getIncludes)
+
+
+ def read(self, filenames):
+ fileNamesFull = []
+ if not isinstance(filenames, list):
+ filenames = [ filenames ]
+ for filename in filenames:
+ fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
+ logSys.debug("Reading files: %s" % fileNamesFull)
+ return SafeConfigParser.read(self, fileNamesFull)
+
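Review bot: The class docstring names the options 'files_before' and 'files_after' in a section [includes], but getIncludes() looks up 'before' and 'after' in SECTION_NAME = "INCLUDES", as the docstring's own example shows; make the prose match the code. getIncludes() also calls parser.read(resource) without checking the result, and ConfigParser's read() skips files it cannot open, so a mistyped include path is silently ignored; log a warning when an included file is missing. Smaller points: __author__ spells the name 'Halhenko' while the copyright line has 'Halchenko', seen = [] is a mutable default argument (harmless here only because it is never mutated), and the commented-out print after the return is dead code.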
22 client/configreader.py
@@ -15,38 +15,40 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Author: Cyril Jaquier
-#
-# $Revision: 458 $
+# Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes)
+# $Revision: 656 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 458 $"
-__date__ = "$Date: 2006-11-12 15:52:36 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 656 $"
+__date__ = "$Date: 2008-03-04 01:17:56 +0100 (Tue, 04 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import logging, os
-from ConfigParser import SafeConfigParser
+from configparserinc import SafeConfigParserWithIncludes
from ConfigParser import NoOptionError, NoSectionError
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.client.config")
-class ConfigReader(SafeConfigParser):
+class ConfigReader(SafeConfigParserWithIncludes):
BASE_DIRECTORY = "/etc/fail2ban/"
def __init__(self):
- SafeConfigParser.__init__(self)
+ SafeConfigParserWithIncludes.__init__(self)
self.__opts = None
- @staticmethod
+ #@staticmethod
def setBaseDir(folderName):
path = folderName.rstrip('/')
ConfigReader.BASE_DIRECTORY = path + '/'
+ setBaseDir = staticmethod(setBaseDir)
- @staticmethod
+ #@staticmethod
def getBaseDir():
return ConfigReader.BASE_DIRECTORY
+ getBaseDir = staticmethod(getBaseDir)
def read(self, filename):
basename = ConfigReader.BASE_DIRECTORY + filename
@@ -54,7 +56,7 @@ def read(self, filename):
bConf = basename + ".conf"
bLocal = basename + ".local"
if os.path.exists(bConf) or os.path.exists(bLocal):
- SafeConfigParser.read(self, [bConf, bLocal])
+ SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
return True
else:
logSys.error(bConf + " and " + bLocal + " do not exist")
20 client/configurator.py
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 518 $
+# $Revision: 655 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 518 $"
-__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
+__version__ = "$Revision: 655 $"
+__date__ = "$Date: 2008-03-04 01:13:39 +0100 (Tue, 04 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -40,13 +40,15 @@ def __init__(self):
self.__fail2ban = Fail2banReader()
self.__jails = JailsReader()
- @staticmethod
+ #@staticmethod
def setBaseDir(folderName):
ConfigReader.setBaseDir(folderName)
+ setBaseDir = staticmethod(setBaseDir)
- @staticmethod
+ #@staticmethod
def getBaseDir():
return ConfigReader.getBaseDir()
+ getBaseDir = staticmethod(getBaseDir)
def readEarly(self):
self.__fail2ban.read()
@@ -54,13 +56,13 @@ def readEarly(self):
def readAll(self):
self.readEarly()
self.__jails.read()
-
+
def getEarlyOptions(self):
return self.__fail2ban.getEarlyOptions()
-
- def getAllOptions(self):
+
+ def getOptions(self, jail = None):
self.__fail2ban.getOptions()
- return self.__jails.getOptions()
+ return self.__jails.getOptions(jail)
def convertToProtocol(self):
self.__streams["general"] = self.__fail2ban.convert()
11 client/csocket.py
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 459 $
+# $Revision: 635 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 459 $"
-__date__ = "$Date: 2006-11-12 22:55:57 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 635 $"
+__date__ = "$Date: 2007-12-16 22:38:04 +0100 (Sun, 16 Dec 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -32,7 +32,7 @@ class CSocket:
END_STRING = "<F2B_END_COMMAND>"
- def __init__(self, sock = "/tmp/fail2ban.sock"):
+ def __init__(self, sock = "/var/run/fail2ban/fail2ban.sock"):
# Create an INET, STREAMing socket
#self.csock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.__csock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
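Review bot: The default socket path in CSocket.__init__ is a hard-coded literal, and this hunk changes only the client side; if the server keeps its own default the two can drift apart, so take the path from one shared constant. Moving the control socket out of /tmp is the right direction, but nothing in this hunk shows who creates /var/run/fail2ban or with what mode; document that the directory must exist and be writable only by the Fail2Ban user.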
@@ -47,7 +47,7 @@ def send(self, msg):
self.__csock.close()
return ret
- @staticmethod
+ #@staticmethod
def receive(sock):
msg = ''
while msg.rfind(CSocket.END_STRING) == -1:
@@ -56,3 +56,4 @@ def receive(sock):
raise RuntimeError, "socket connection broken"
msg = msg + chunk
return loads(msg)
+ receive = staticmethod(receive)
11 client/jailreader.py
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 509 $
+# $Revision: 659 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 509 $"
-__date__ = "$Date: 2007-01-04 12:58:58 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 659 $"
+__date__ = "$Date: 2008-03-05 00:09:30 +0100 (Wed, 05 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -90,7 +90,7 @@ def getOptions(self):
self.__actions.append(action)
else:
raise AttributeError("Unable to read action")
- except AttributeError, e:
+ except Exception, e:
logSys.error("Error in action definition " + act)
logSys.debug(e)
return False
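Review bot: Widening the handler from AttributeError to Exception means any error raised while reading an action, programming errors included, is reported only as "Error in action definition", with the exception itself logged at debug level. If the broad catch is needed, log the exception text at error level so that a broken action file can be diagnosed from the default log output.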
@@ -129,7 +129,7 @@ def convert(self):
stream.insert(0, ["add", self.__name, backend])
return stream
- @staticmethod
+ #@staticmethod
def splitAction(action):
m = JailReader.actionCRE.match(action)
d = dict()
@@ -165,3 +165,4 @@ def splitAction(action):
except IndexError:
logSys.error("Invalid argument %s in '%s'" % (p, m.group(2)))
return [m.group(1), d]
+ splitAction = staticmethod(splitAction)
28 client/jailsreader.py
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 518 $
+# $Revision: 655 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 518 $"
-__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
+__version__ = "$Revision: 655 $"
+__date__ = "$Date: 2008-03-04 01:13:39 +0100 (Tue, 04 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -40,12 +40,13 @@ def __init__(self):
def read(self):
ConfigReader.read(self, "jail")
- def getOptions(self):
+ def getOptions(self, section = None):
opts = []
self.__opts = ConfigReader.getOptions(self, "Definition", opts)
- for sec in self.sections():
- jail = JailReader(sec)
+ if section:
+ # Get the options of a specific jail.
+ jail = JailReader(section)
jail.read()
ret = jail.getOptions()
if ret:
@@ -53,8 +54,21 @@ def getOptions(self):
# We only add enabled jails
self.__jails.append(jail)
else:
- logSys.error("Errors in jail '" + sec + "'. Skipping...")
+ logSys.error("Errors in jail '%s'. Skipping..." % section)
return False
+ else:
+ # Get the options of all jails.
+ for sec in self.sections():
+ jail = JailReader(sec)
+ jail.read()
+ ret = jail.getOptions()
+ if ret:
+ if jail.isEnabled():
+ # We only add enabled jails
+ self.__jails.append(jail)
+ else:
+ logSys.error("Errors in jail '" + sec + "'. Skipping...")
+ return False
return True
def convert(self):
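Review bot: The single-jail branch and the all-jails branch of getOptions() repeat the same read / getOptions / isEnabled block and differ only in how the error message is formatted; build the list of section names once (the given section, or self.sections()) and run one loop over it. The single-jail branch also passes section straight to JailReader without checking that it is in self.sections(), so an unknown jail name is only caught if jail.getOptions() happens to fail; check membership first and log a clear "no such jail" error.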
11 common/protocol.py
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 529 $
+# $Revision: 662 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 529 $"
-__date__ = "$Date: 2007-01-29 21:27:51 +0100 (Mon, 29 Jan 2007) $"
+__version__ = "$Revision: 662 $"
+__date__ = "$Date: 2008-03-05 00:41:58 +0100 (Wed, 05 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -33,6 +33,7 @@
['', "BASIC", ""],
["start", "starts the server and the jails"],
["reload", "reloads the configuration"],
+["reload <JAIL>", "reloads the jail <JAIL>"],
["stop", "stops all jails and terminate the server"],
["status", "gets the current status of the server"],
["ping", "tests if the server is alive"],
@@ -51,9 +52,7 @@
["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"],
["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"],
["set <JAIL> addlogpath <FILE>", "adds <FILE> to the monitoring list of <JAIL>"],
-["set <JAIL> dellogpath <FILE>", "removes <FILE> to the monitoring list of <JAIL>"],
-["set <JAIL> timeregex <REGEX>", "sets the regular expression <REGEX> to match the date format for <JAIL>. This will disable the autodetection feature."],
-["set <JAIL> timepattern <PATTERN>", "sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature."],
+["set <JAIL> dellogpath <FILE>", "removes <FILE> to the monitoring list of <JAIL>"],
["set <JAIL> addfailregex <REGEX>", "adds the regular expression <REGEX> which must match failures for <JAIL>"],
["set <JAIL> delfailregex <INDEX>", "removes the regular expression at <INDEX> for failregex"],
["set <JAIL> addignoreregex <REGEX>", "adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>"],
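Review bot: The dellogpath entry is re-added with only a whitespace change and still reads "removes <FILE> to the monitoring list"; it should say "from". This hunk also drops the "set <JAIL> timeregex" and "set <JAIL> timepattern" commands from the help table, which the 0.8.2 ChangeLog entry in this commit does not mention; record the removal there so that users whose scripts call these commands are warned.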
8 common/version.py
@@ -16,12 +16,12 @@
# Author: Cyril Jaquier
#
-# $Revision: 614 $
+# $Revision: 673 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 614 $"
-__date__ = "$Date: 2007-08-14 23:39:15 +0200 (Tue, 14 Aug 2007) $"
+__version__ = "$Revision: 673 $"
+__date__ = "$Date: 2008-03-06 00:19:45 +0100 (Thu, 06 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-version = "0.8.1"
+version = "0.8.2"
6 config/action.d/hostsdeny.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 554 $
+# $Revision: 660 $
#
[Definition]
@@ -13,7 +13,7 @@
#
actionstart =
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -34,7 +34,7 @@ actioncheck =
# Values: CMD
#
actionban = IP=<ip> &&
- echo "ALL: $IP" >> <file>
+ printf %%b "ALL: $IP\n" >> <file>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
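Review bot: In actionban, $IP is expanded inside the argument that printf processes with %b, so any backslash sequence in the substituted value would be interpreted instead of written literally to <file>. Pass the data as a separate %s argument and keep the newline in the format string, for example: printf "ALL: %%s\n" "$IP" >> <file>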
8 config/action.d/ipfw.conf
@@ -3,7 +3,7 @@
# Author: Nick Munger
# Modified by: Cyril Jaquier
#
-# $Revision: 510 $
+# $Revision: 658 $
#
[Definition]
@@ -15,7 +15,7 @@
actionstart =
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -37,7 +37,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = ipaction add deny tcp from <ip> to <localhost> <port>
+actionban = ipfw add deny tcp from <ip> to <localhost> <port>
# Option: actionunban
@@ -48,7 +48,7 @@ actionban = ipaction add deny tcp from <ip> to <localhost> <port>
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionunban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
+actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
[Init]
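Review bot: In actionunban, grep -i <ip> treats the address as an unanchored regular expression, so unbanning an address such as 10.0.0.1 also selects rules for 10.0.0.10 or 110.0.0.1, and ipfw delete removes those as well; use a fixed-string, whole-word match such as grep -wF <ip>. When nothing matches, the backticks expand to nothing and ipfw delete runs without a rule number, so guard against an empty result.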
4 config/action.d/iptables-allports.conf
@@ -4,7 +4,7 @@
# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
# made active on all ports from original iptables.conf
#
-# $Revision: 606 $
+# $Revision: 658 $
#
[Definition]
@@ -17,7 +17,7 @@ actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -j fail2ban-<name>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
78 config/action.d/iptables-multiport-log.conf
@@ -0,0 +1,78 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+# Modified: Cyril Jaquier
+#
+# make "fail2ban-<name>" chain to match drop IP
+# make "fail2ban-<name>-log" chain to log and drop
+# insert a jump to fail2ban-<name> from -I INPUT if proto/port match
+#
+# $Revision: 668 $
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = iptables -N fail2ban-<name>
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -N fail2ban-<name>-log
+ iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+ iptables -A fail2ban-<name>-log -j DROP
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -F fail2ban-<name>
+ iptables -F fail2ban-<name>-log
+ iptables -X fail2ban-<name>
+ iptables -X fail2ban-<name>-log
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
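Review bot: actioncheck only tests that fail2ban-<name>-log exists, while actionban inserts its rule into fail2ban-<name>; if that chain is missing the check passes and the ban fails, so test both chains. The log prefix is cut to 23 characters with expr, but the chain name fail2ban-<name>-log is not limited, so a long jail name can exceed the length iptables accepts for a chain name; document a maximum length for <name>. The [Init] comment also has a typo, "Defaut".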
4 config/action.d/iptables-multiport.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
# Modified by Yaroslav Halchenko for multiport banning
-# $Revision: 520 $
+# $Revision: 658 $
#
[Definition]
@@ -15,7 +15,7 @@ actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
4 config/action.d/iptables-new.conf
@@ -4,7 +4,7 @@
# Copied from iptables.conf and modified by Yaroslav Halchenko
# to fullfill the needs of bugreporter dbts#350746.
#
-# $Revision: 520 $
+# $Revision: 658 $
#
[Definition]
@@ -17,7 +17,7 @@ actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
4 config/action.d/iptables.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 494 $
+# $Revision: 658 $
#
[Definition]
@@ -15,7 +15,7 @@ actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
14 config/action.d/mail-buffered.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 510 $
+# $Revision: 668 $
#
[Definition]
@@ -11,25 +11,25 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Hi,\n
+actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = if [ -f <tmpfile> ]; then
- echo -en "Hi,\n
+ printf %%b "Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
rm <tmpfile>
fi
- echo -en "Hi,\n
+ printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
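Review bot: The doubled percent in "printf %%b" in actionstart and actionstop is undocumented: it is needed because the config parser interpolates % in option values, which is not obvious from the action file alone. Add a one-line comment near [Definition] explaining that %% yields a literal % in the executed command, so the sequence is not later "corrected" to %b.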
@@ -48,10 +48,10 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile>
+actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
if [ $LINE -eq <lines> ]; then
- echo -en "Hi,\n
+ printf %%b "Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
\nRegards,\n
20 config/action.d/mail-whois-lines.conf
@@ -2,36 +2,36 @@
#
# Author: Cyril Jaquier
# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
-# $Revision: 595 $
+# $Revision: 660 $
#
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Hi,\n
+actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: fwend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = echo -en "Hi,\n
+actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -40,7 +40,7 @@ actioncheck =
# <bantime> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo -en "Hi,\n
+actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
@@ -50,7 +50,7 @@ actionban = echo -en "Hi,\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
10 config/action.d/mail-whois.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 595 $
+# $Revision: 660 $
#
[Definition]
@@ -11,16 +11,16 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Hi,\n
+actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = echo -en "Hi,\n
+actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
@@ -39,7 +39,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo -en "Hi,\n
+actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
10 config/action.d/mail.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 595 $
+# $Revision: 660 $
#
[Definition]
@@ -11,16 +11,16 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Hi,\n
+actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = echo -en "Hi,\n
+actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
@@ -39,7 +39,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo -en "Hi,\n
+actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n
Regards,\n
14 config/action.d/sendmail-buffered.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 604 $
+# $Revision: 660 $
#
[Definition]
@@ -11,7 +11,7 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Subject: [Fail2Ban] <name>: started
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -20,12 +20,12 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = if [ -f <tmpfile> ]; then
- echo -en "Subject: [Fail2Ban] <name>: summary
+ printf %%b "Subject: [Fail2Ban] <name>: summary
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -35,7 +35,7 @@ actionstop = if [ -f <tmpfile> ]; then
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
rm <tmpfile>
fi
- echo -en "Subject: [Fail2Ban] <name>: stopped
+ printf %%b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -57,10 +57,10 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile>
+actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
if [ $LINE -eq <lines> ]; then
- echo -en "Subject: [Fail2Ban] <name>: summary
+ printf %%b "Subject: [Fail2Ban] <name>: summary
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
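Review bot: In actionban, `LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )` is followed by `[ $LINE -eq <lines> ]` with `$LINE` unquoted, so if `wc` fails (for instance the file is removed between the append and the count) the test collapses to `[ -eq <lines> ]` and errors out instead of skipping cleanly. Quote and default it, e.g. `[ "${LINE:-0}" -eq <lines> ]`. The append, count and send sequence is also not atomic, so two bans firing close together can both miss the exact count; comparing with `-ge` rather than `-eq` would keep the buffer from growing without a summary ever being sent.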
10 config/action.d/sendmail-whois-lines.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 595 $
+# $Revision: 660 $
#
[Definition]
@@ -11,7 +11,7 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Subject: [Fail2Ban] <name>: started
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -19,11 +19,11 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
+actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -45,7 +45,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
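Review bot: On the new actionban line, `<ip>` is substituted directly into the `Subject:` header inside the string that `printf %%b` then expands, so any backslash sequence in a substituted value is interpreted as an escape within the header block. Using the template as the printf format and passing the substituted values as separate `%s` arguments (written `%%s` in this file) would confine escape processing to the literal `\n` sequences the template author wrote. The same applies to `<name>`, `<sender>` and `<dest>` in the header lines that follow.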
10 config/action.d/sendmail-whois.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 595 $
+# $Revision: 660 $
#
[Definition]
@@ -11,7 +11,7 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Subject: [Fail2Ban] <name>: started
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -19,11 +19,11 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
+actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -45,7 +45,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
10 config/action.d/sendmail.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 595 $
+# $Revision: 660 $
#
[Definition]
@@ -11,7 +11,7 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = echo -en "Subject: [Fail2Ban] <name>: started
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -19,11 +19,11 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
+actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -45,7 +45,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
16 config/action.d/shorewall.conf
@@ -2,8 +2,16 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 510 $
-#
+# $Revision: 661 $
+#
+# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
+# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
+# new shorewall rule to ban an IP address, that rule will affect only new
+# connections. So if the attempter goes on trying using the same connection
+# he could even log in. In order to get the same behavior of the iptable
+# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
+# file should me modified with "BLACKLISTNEWONLY=No".
+#
[Definition]
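Review bot: The added header comment has a typo in its last sentence (`should me modified`, read `be`) and refers to the `iptable action` where the action files are named `iptables`. The sentence `he could even log in` is the key operational point of the whole comment, so it would read better up front: with `BLACKLISTNEWONLY=Yes` an already established connection is not affected by the ban.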
@@ -13,7 +21,7 @@
#
actionstart =
-# Option: actionend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -33,7 +41,7 @@ actioncheck =
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionban = shorewall reject <ip>
+actionban = shorewall drop <ip>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
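Review bot: `actionban = shorewall drop <ip>` changes what a banned client observes compared with `shorewall reject <ip>`, and nothing in the file records why the switch was made. The actionunban command sits just below the visible context; please confirm it still reverses a `drop` entry and say so in its Notes line.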
6 config/fail2ban.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 494 $
+# $Revision: 629 $
#
[Definition]
@@ -28,7 +28,7 @@ logtarget = /var/log/fail2ban.log
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
-# Values: FILE Default: /tmp/fail2ban.sock
+# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
#
-socket = /tmp/fail2ban.sock
+socket = /var/run/fail2ban/fail2ban.sock
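Review bot: The new default `socket = /var/run/fail2ban/fail2ban.sock` depends on a `/var/run/fail2ban` directory that nothing in this hunk creates, and the Notes block does not mention it. Moving the control socket out of world-writable `/tmp` is the right call; add a line stating who creates the directory and with what ownership and mode, since `/var/run` is cleared at boot on many systems and the server cannot bind if the directory is missing.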
4 config/filter.d/apache-badbots.conf
@@ -5,10 +5,12 @@
#
# Author: Yaroslav Halchenko
#
+# $Revision: 668 $
+#
[Definition]
-badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02
+badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
# Option: failregex
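Review bot: `sogou music spider` goes into badbotscustom while `sogou spider` already sits in badbots on the next line; a short comment on what belongs in the custom list versus the main one would help whoever adds the next entry. While this file is open, the badbots context line carries `DataCha0s/2\.0` twice and `SSurf15a 11 ` with a trailing space before the `|`; drop the duplicate and confirm the space is intended.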
4 config/filter.d/apache-noscript.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 510 $
+# $Revision: 658 $
#
[Definition]
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
-failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp)
+failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
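Review bot: The widened failregex is unanchored at both ends, so `.*(\.php|\.asp|\.exe|\.pl)` matches the extension anywhere in the logged path (`\.pl` also hits `.plist`, `\.asp` hits `.aspx`) rather than only as the file suffix. Tie the extension to the end of the path field, and make both alternations non-capturing with `(?:...)`, since `<HOST>` is the only group the filter needs. A leading anchor, as the sshd.conf patterns gain in this commit, would also ensure that only the server-written `[client ...]` field can supply `<HOST>`.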
20 config/filter.d/apache-overflows.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Author: Tim Connors
+#
+# $Revision: 668 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: Regexp to catch Apache overflow attempts.
+# Values: TEXT
+#
+failregex = [[]client <HOST>[]] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string)
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
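Review bot: The new failregex has no anchors and uses a capturing group for the alternation; `(?:...)` is enough because `<HOST>` is the only group the filter needs. None of the jail.conf hunks in this commit reference `apache-overflows`, so please add a disabled example jail (pointing at the Apache error log, as the corrected apache-auth logpath does) or note in the header how the filter is meant to be enabled.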
41 config/filter.d/common.conf
@@ -0,0 +1,41 @@
+# Generic configuration items (to be used as interpolations) in other
+# filters or actions configurations
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: $
+#
+
+[INCLUDES]
+
+# Load customizations if any available
+after = common.local
+
+
+[DEFAULT]
+
+# Daemon definition is to be specialized (if needed) in .conf file
+_daemon = \S*
+
+#
+# Shortcuts for easier comprehension of the failregex
+#
+# PID.
+# EXAMPLES: [123]
+__pid_re = (?:\[\d+\])
+
+# Daemon name (with optional source_file:line or whatever)
+# EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix)
+__daemon_re = [\[\(]?%(_daemon)s(?:\(\S+\))?[\]\)]?:?
+
+# Combinations of daemon name and PID
+# EXAMPLES: sshd[31607], pop(pam_unix)[4920]
+__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+
+#
+# Common line prefixes (beginnings) which could be used in filters
+#
+# [hostname] [vserver tag] daemon_id spaces
+# this can be optional (for instance if we match named native log files)
+__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+
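Review bot: `# $Revision: $` in the header is empty, unlike the other files in this commit, so the keyword was never expanded for this new file. On the regexes: every component of `__prefix_line` is optional, and the default `_daemon = \S*` sits next to other `\S+` runs, so with the default there are many ways to split the same prefix text. The comment on `_daemon` should say that filters are expected to override it (as sshd.conf does with `_daemon = sshd`) rather than "if needed". Note also that named-refused.conf in this same commit still defines its own `__line_prefix`, which is easy to confuse with `__prefix_line` here.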
11 config/filter.d/named-refused.conf
@@ -4,15 +4,13 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 608 $
+# $Revision: 616 $
#
[Definition]
-# if you want to catch only login erros from specific daemons, use smth like
-#_named_rcodes=(?:REFUSED|SERVFAIL)
-# To catch all REFUSED queries only
-_named_rcodes=REFUSED
+#
+# Daemon name
_daemon=named
#
@@ -28,7 +26,6 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
-failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
- %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
+failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
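Review bot: Dropping the `unexpected RCODE` pattern (together with `_named_rcodes` in the hunk above) removes a detection without a word in the file about why, which invites someone to add it back later. Please leave a comment stating the reason. The Notes line above failregex still says it matches `password failures messages`, which is not what a denied-query filter does, and can be corrected in the same pass.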
8 config/filter.d/proftpd.conf
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 603 $
+# $Revision: 665 $
#
[Definition]
@@ -14,8 +14,10 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
-failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
- \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$
+failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
+ \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
+ \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
+ \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
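Review bot: The four new patterns have no leading `^`, whereas the sshd.conf patterns in this commit gain `^%(__prefix_line)s`; without it the match can begin anywhere in the line. In the first pattern `\[[0-9.]+\]` accepts only dotted IPv4 for the second address, while `<HOST>` (per the alias quoted in the context comment) accepts more, so the line silently stops matching for other address forms. The trailing anchors are also inconsistent: a bare `$` here versus `\s*$` in the other filters.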
25 config/filter.d/sshd.conf
@@ -2,11 +2,20 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 613 $
+# $Revision: 663 $
#
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
[Definition]
+_daemon = sshd
+
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
@@ -14,12 +23,14 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
-failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
- Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
- ROOT LOGIN REFUSED.* FROM <HOST>\s*$
- [iI](?:llegal|nvalid) user .* from <HOST>\s*$
- User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
- User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
+failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
+ ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
+ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
+ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
+ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
+ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
+ ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
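Review bot: The old AllowGroups pattern (`User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups`) is deleted with no replacement among the added lines, so hosts rejected on group membership stop counting as failures; if that is intended, say so in the header. The AllowUsers line tightens the user field from `.+` to `\S+`, but the first four patterns still use `.*` ahead of `from <HOST>`; that field is client-supplied, so it deserves the same tightening. The `Failed` and `AllowUsers` patterns also lose their trailing `\s*` while the others keep it.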
4 config/filter.d/vsftpd.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 610 $
+# $Revision: 658 $
#
[Definition]
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
-failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$
+failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
\[.+\] FAIL LOGIN: Client "<HOST>"\s*$
# Option: ignoreregex
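Review bot: The first pattern hand-rolls `vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:` even though this commit adds `__daemon_re` and `__pid_re` in filter.d/common.conf for exactly that shape (its own example is `pop(pam_unix)[4920]`). Including common.conf and setting `_daemon = vsftpd`, as sshd.conf now does, would avoid a second copy that can drift. The optional tail is written `(?:\s+user=\S*)?` here and `(?:\s+user=.*)?` in the sshd pattern for the same field; pick one form.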
30 config/filter.d/xinetd-fail.conf
@@ -0,0 +1,30 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+#
+# $Revision: 668 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+# Cfr.: /var/log/(daemon\.|sys)log
+# libwrap => tcp wrappers: hosts.(allow|deny)
+# address => xinetd: deny_from|only_from
+# load => xinetd: max_load (temporary problem)
+#
+
+failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=<HOST>$
+ xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=<HOST>$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
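Review bot: The Notes block for failregex is copied from a login filter and says it matches `password failures messages`, but the two patterns match xinetd `FAIL:` lines for `address` and `libwrap`. The `load` case listed under Cfr. has no pattern; state that this is deliberate if it is. `\[\d{1,5}\]` caps the PID at five digits whereas `__pid_re` in common.conf uses `\d+`, so a host with a raised PID limit would stop matching; prefer `\d+` or the shared definition.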
18 config/jail.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 611 $
+# $Revision: 617 $
#
# The DEFAULT allows a global definition of the options. They can be override
@@ -89,8 +89,8 @@ logpath = /var/log/sshd.log
enabled = false
filter = apache-auth
action = hostsdeny
-logpath = /var/log/apache*/*access.log
- /home/www/myhomepage/access.log
+logpath = /var/log/apache*/*error.log
+ /home/www/myhomepage/error.log
maxretry = 6
# The hosts.deny path can be defined with the "file" argument if it is
@@ -170,13 +170,13 @@ ignoreip = 168.192.0.1
# with bind9 installation. You will need something like this:
#
# logging {
-# channel lame-servers_file {
-# file "/var/log/named/lame-servers.log" versions 3 size 30m;
+# channel security_file {
+# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
-# category lame-servers {
-# lame-servers_file;
+# category security {
+# security_file;
# };
# }
#
@@ -189,7 +189,7 @@ enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
sendmail-whois[name=Named, dest=you@mail.com]
-logpath = /var/log/named/lame-servers.log
+logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests.
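Review bot: The `ignoreip = 168.192.0.1` context line in this jail (and in the TCP jail below) looks like a transposition of 192.168.0.1; as written, the example whitelists a publicly routable address, and `dest=you@mail.com` points at a real domain. Both are worth replacing with a private address and an example.com recipient while these jails are being edited. The logpath change itself is consistent with the `security` channel now shown in the comment above.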
@@ -200,6 +200,6 @@ enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@mail.com]
-logpath = /var/log/named/lame-servers.log
+logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
62 fail2ban-client
@@ -17,16 +17,16 @@
# Author: Cyril Jaquier
#
-# $Revision: 528 $
+# $Revision: 672 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 528 $"
-__date__ = "$Date: 2007-01-29 21:27:01 +0100 (Mon, 29 Jan 2007) $"
+__version__ = "$Revision: 672 $"
+__date__ = "$Date: 2008-03-06 00:18:06 +0100 (Thu, 06 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import sys, string, os, pickle, re, logging, signal
-import getopt, time, readline, shlex, socket
+import getopt, time, shlex, socket
# Inserts our own modules path first in the list
# fix for bug #343821
@@ -48,7 +48,8 @@ logSys = logging.getLogger("fail2ban.client")
class Fail2banClient:
- prompt = "fail2ban> "
+ SERVER = "fail2ban-server"
+ PROMPT = "fail2ban> "
def __init__(self):
self.__argv = None
@@ -65,11 +66,11 @@ class Fail2banClient:
def dispVersion(self):
print "Fail2Ban v" + version
print
- print "Copyright (c) 2004-2006 Cyril Jaquier"
+ print "Copyright (c) 2004-2008 Cyril Jaquier"
print "Copyright of modifications held by their respective authors."
print "Licensed under the GNU General Public License v2 (GPL)."
print
- print "Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>."
+ print "Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>."
print "Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>."
def dispUsage(self):
@@ -97,7 +98,7 @@ class Fail2banClient:
printFormatted()
print
- print "Report bugs to <lostcontrol@users.sourceforge.net>"
+ print "Report bugs to <cyril.jaquier@fail2ban.org>"
def dispInteractive(self):
print "Fail2Ban v" + version + " reads log file that contains password failure report"
@@ -208,6 +209,19 @@ class Fail2banClient:
else:
logSys.error("Could not find server")
return False
+ elif len(cmd) == 2 and cmd[0] == "reload":
+ if self.__ping():
+ jail = cmd[1]
+ ret = self.__readJailConfig(jail)
+ # Do not continue if configuration is not 100% valid
+ if not ret:
+ return False
+ self.__processCmd([['stop', jail]], False)
+ # Configure the server
+ return self.__processCmd(self.__stream, False)
+ else:
+ logSys.error("Could not find server")
+ return False
else:
return self.__processCmd([cmd])
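Review bot: In the new `reload <jail>` branch the result of `self.__processCmd([['stop', jail]], False)` is discarded, so a failed stop is followed by the configuration stream anyway and the command can still report success. Check the return value before sending `self.__stream`, or add a comment that a failed stop is expected when the jail was not running. The branch also repeats the ping check and the `Could not find server` handling of the branch above it; a shared helper would keep the two in step.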
@@ -222,7 +236,7 @@ class Fail2banClient:
pid = os.fork()
if pid == 0:
args = list()
- args.append("fail2ban-server")
+ args.append(self.SERVER)
# Start in background mode.
args.append("-b")
# Set the socket path.
@@ -232,14 +246,15 @@ class Fail2banClient:
if force:
args.append("-x")
try:
- # Use the PATH env
- os.execvp("fail2ban-server", args)
+ # Use the current directory.
+ exe = os.path.abspath(os.path.join(sys.path[0], self.SERVER))
+ os.execv(exe, args)
except OSError:
try:
- # Use the current directory
- os.execv("fail2ban-server", args)
+ # Use the PATH env.
+ os.execvp(self.SERVER, args)
except OSError:
- print "Could not find fail2ban-server"
+ print "Could not find %s" % self.SERVER
os.exit(-1)
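Review bot: The context line `os.exit(-1)` at the end of this hunk calls a function the `os` module does not provide (the call meant for a forked child is `os._exit`), so when both exec attempts fail the child raises AttributeError rather than terminating. Since the surrounding lines are being rewritten anyway, fix it here. Trying the copy next to the client script before falling back to PATH is the safer order for a tool normally run as root; a comment saying so would stop the order from being swapped back.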
@@ -326,6 +341,11 @@ class Fail2banClient:
# Interactive mode
if self.__conf["interactive"]:
try:
+ import readline
+ except ImportError:
+ logSys.error("Readline not available")
+ return False
+ try:
ret = True
if len(args) > 0:
ret = self.__processCommand(args)
@@ -333,7 +353,7 @@ class Fail2banClient:
readline.parse_and_bind("tab: complete")
self.dispInteractive()
while True:
- cmd = raw_input(self.prompt)
+ cmd = raw_input(self.PROMPT)
if cmd == "exit" or cmd == "quit":
# Exit
return True
@@ -352,16 +372,24 @@ class Fail2banClient:
def __readConfig(self):
# Read the configuration
self.__configurator.readAll()
- ret = self.__configurator.getAllOptions()
+ ret = self.__configurator.getOptions()
+ self.__configurator.convertToProtocol()
+ self.__stream = self.__configurator.getConfigStream()
+ return ret
+
+ def __readJailConfig(self, jail):
+ self.__configurator.readAll()
+ ret = self.__configurator.getOptions(jail)
self.__configurator.convertToProtocol()
self.__stream = self.__configurator.getConfigStream()
return ret
- @staticmethod
+ #@staticmethod
def dumpConfig(cmd):
for c in cmd:
print c
return True
+ dumpConfig = staticmethod(dumpConfig)
class ServerExecutionException(Exception):
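Review bot: `#@staticmethod` is left behind as a commented-out decorator with `dumpConfig = staticmethod(dumpConfig)` added below it, but nothing says why; if this is for interpreters without decorator syntax, state the minimum supported version in a comment rather than leaving dead code. `__readJailConfig` repeats `__readConfig` line for line apart from the argument to `getOptions`; one method with an optional `jail` parameter would do.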
35 fail2ban-regex
@@ -17,11 +17,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 596 $
+# $Revision: 672 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 596 $"
-__date__ = "$Date: 2007-07-10 21:54:01 +0200 (Tue, 10 Jul 2007) $"
+__version__ = "$Revision: 672 $"
+__date__ = "$Date: 2008-03-06 00:18:06 +0100 (Thu, 06 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -31,11 +31,11 @@ import getopt, sys, time, logging, os
# fix for bug #343821
sys.path.insert(1, "/usr/share/fail2ban")
-from ConfigParser import SafeConfigParser
+from client.configparserinc import SafeConfigParserWithIncludes
from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
from common.version import version
from server.filter import Filter
-from server.regex import RegexException
+from server.failregex import RegexException
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.regex")
@@ -65,7 +65,9 @@ class RegexStat:
class Fail2banRegex:
test = None
-
+
+ CONFIG_DEFAULTS = {'configpath' : "/etc/fail2ban/"}
+
def __init__(self):
self.__filter = Filter(None)
self.__ignoreregex = list()
@@ -80,18 +82,19 @@ class Fail2banRegex:
logging.getLogger("fail2ban").addHandler(self.__hdlr)
logging.getLogger("fail2ban").setLevel(logging.ERROR)
- @staticmethod
+ #@staticmethod
def dispVersion():
print "Fail2Ban v" + version
print
- print "Copyright (c) 2004-2006 Cyril Jaquier"
+ print "Copyright (c) 2004-2008 Cyril Jaquier"
print "Copyright of modifications held by their respective authors."
print "Licensed under the GNU General Public License v2 (GPL)."
print
- print "Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>."
+ print "Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>."
print "Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>."
+ dispVersion = staticmethod(dispVersion)
- @staticmethod
+ #@staticmethod
def dispUsage():
print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]"
print
@@ -116,7 +119,8 @@ class Fail2banRegex:
print " string a string representing an 'ignoreregex'"
print " filename path to a filter file (filter.d/sshd.conf)"
print
- print "Report bugs to <lostcontrol@users.sourceforge.net>"
+ print "Report bugs to <cyril.jaquier@fail2ban.org>"
+ dispUsage = staticmethod(dispUsage)
def getCmdLineOptions(self, optList):
""" Gets the command line options
@@ -129,13 +133,14 @@ class Fail2banRegex:
self.dispVersion()
sys.exit(0)
- @staticmethod
+ #@staticmethod
def logIsFile(value):
return os.path.isfile(value)
+ logIsFile = staticmethod(logIsFile)
def readIgnoreRegex(self, value):
if os.path.isfile(value):
- reader = SafeConfigParser()
+ reader = SafeConfigParserWithIncludes(defaults=self.CONFIG_DEFAULTS)
try:
reader.read(value)
print "Use ignoreregex file : " + value
@@ -164,7 +169,7 @@ class Fail2banRegex:
def readRegex(self, value):
if os.path.isfile(value):
- reader = SafeConfigParser()
+ reader = SafeConfigParserWithIncludes(defaults=self.CONFIG_DEFAULTS)
try:
reader.read(value)
print "Use regex file : " + value
@@ -217,7 +222,7 @@ class Fail2banRegex:
try:
self.__filter.addFailRegex(regex.getFailRegex())
try:
- ret = self.__filter.findFailure(line)
+ ret = self.__filter.processLine(line)
if not len(ret) == 0:
if found == True:
ret[0].append(True)
21 fail2ban-server
@@ -17,15 +17,15 @@
# Author: Cyril Jaquier
#
-# $Revision: 522 $
+# $Revision: 672 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 522 $"
-__date__ = "$Date: 2007-01-21 23:19:57 +0100 (Sun, 21 Jan 2007) $"
+__version__ = "$Revision: 672 $"
+__date__ = "$Date: 2008-03-06 00:18:06 +0100 (Thu, 06 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-import getopt, sys
+import getopt, sys, logging
# Inserts our own modules path first in the list
# fix for bug #343821
@@ -34,6 +34,9 @@ sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from server.server import Server
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
##
# \mainpage Fail2Ban
#
@@ -50,16 +53,16 @@ class Fail2banServer:
self.__conf = dict()
self.__conf["background"] = True
self.__conf["force"] = False
- self.__conf["socket"] = "/tmp/fail2ban.sock"
+ self.__conf["socket"] = "/var/run/fail2ban/fail2ban.sock"
def dispVersion(self):
print "Fail2Ban v" + version
print
- print "Copyright (c) 2004-2006 Cyril Jaquier"
+ print "Copyright (c) 2004-2008 Cyril Jaquier"
print "Copyright of modifications held by their respective authors."
print "Licensed under the GNU General Public License v2 (GPL)."
print
- print "Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>."
+ print "Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>."
print "Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>."
def dispUsage(self):
@@ -82,7 +85,7 @@ class Fail2banServer:
print " -h, --help display this help message"
print " -V, --version print the version"
print
- print "Report bugs to <lostcontrol@users.sourceforge.net>"
+ print "Report bugs to <cyril.jaquier@fail2ban.org>"
def __getCmdLineOptions(self, optList):
""" Gets the command line options
@@ -123,7 +126,7 @@ class Fail2banServer:
self.__server.start(self.__conf["socket"], self.__conf["force"])
return True
except Exception, e:
- print e
+ logSys.exception(e)
self.__server.quit()
return False
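Review bot: `logSys.exception(e)` replaces `print e`, but the only logger setup visible in this file is `logSys = logging.getLogger("fail2ban")` with no handler attached. If `start()` raises before the server has configured its log target, the traceback has nowhere to go and the operator sees less than the old `print` gave. Either attach a stderr handler before calling `start()` or keep a plain message on stderr alongside the logged exception.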
6 files/cacti/README
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.7.7) 2007/??/??
+Fail2Ban (version 0.8.2) 2008/03/06
=============================================================
Cacti is a graphing solution using RRDTool. It is possible to
@@ -13,7 +13,7 @@ use Cacti to display statistics about Fail2ban.
Installation:
-------------
-1/ Install Fail2ban version 0.7 or higher and ensure that it
+1/ Install Fail2ban version 0.8 or higher and ensure that it
works properly.
2/ The user running poller.php must have read and write
access to the socket used by Fail2ban.
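Review bot: Step 2 in the context lines still says only that the poller user needs read and write access to the socket; with the default moving to `/var/run/fail2ban/fail2ban.sock` in this commit, that user also needs search permission on the `/var/run/fail2ban` directory. Name the new path here and recommend granting access through a dedicated group rather than loosening the socket mode.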
@@ -30,7 +30,7 @@ appreciate this program, you can contact me at:
Website: http://www.fail2ban.org
-Cyril Jaquier: <lostcontrol@users.sourceforge.net>
+Cyril Jaquier: <cyril.jaquier@fail2ban.org>
License:
--------
19 files/macosx-initd
@@ -0,0 +1,19 @@
+/Library/LaunchDaemonsm/org.fail2ban.plist
+===================================
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>Disabled</key>
+ <false/>
+ <key>Label</key>
+ <string>fail2ban</string>
+ <key>ProgramArguments</key>
+ <array>
+ <string>/usr/local/bin/fail2ban-client</string>
+ <string>start</string>
+ </array>
+ <key>RunAtLoad</key>
+ <true/>
+</dict>
+</plist>
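Review bot: The first added line reads `/Library/LaunchDaemonsm/org.fail2ban.plist`; the stray `m` looks like a typo for `/Library/LaunchDaemons/`. The file name says `org.fail2ban` but `<key>Label</key>` is `fail2ban`, and the two should agree. `fail2ban-client start` launches the server with `-b` (background mode) per the client code in this commit, so the process launchd started exits straight away; please verify the job behaves as intended under launchd and record the result in this file.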
30 man/fail2ban-client.1
@@ -1,11 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36.
-.TH FAIL2BAN-CLIENT "1" "August 2007" "fail2ban-client v0.8.1" "User Commands"
+.TH FAIL2BAN-CLIENT "1" "March 2008" "fail2ban-client v0.8.2" "User Commands"
.SH NAME
fail2ban-client \- configure and control the server
+.SH SYNOPSIS
+.B fail2ban-client
+[\fIOPTIONS\fR] \fI<COMMAND>\fR
.SH DESCRIPTION
-[?1034hUsage: ../fail2ban\-client [OPTIONS] <COMMAND>
-.PP
-Fail2Ban v0.8.1 reads log file that contains password failure report
+Fail2Ban v0.8.2 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
.SH OPTIONS