Permalink
Browse files

Upgraded to fresh upstream 0.7.8

  • Loading branch information...
2 parents 018484d + bf72fe7 commit d77f67bb890ca240e74e0fb25ab56f7cca070823 @yarikoptic yarikoptic committed Oct 16, 2007
View
@@ -4,9 +4,17 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.7.7) 2007/02/08
+Fail2Ban (version 0.7.8) 2007/03/21
=============================================================
+ver. 0.7.8 (2007/03/21) - release candidate
+----------
+- Fixed asctime pattern in datedetector.py
+- Added new filters/actions. Thanks to Yaroslav Halchenko
+- Added Suse init script and modified gentoo-initd. Thanks to
+ Christian Rauch
+- Moved every locking statements in a try..finally block
+
ver. 0.7.7 (2007/02/08) - release candidate
----------
- Added signal handling in fail2ban-client
View
@@ -1,6 +1,6 @@
Metadata-Version: 1.0
Name: fail2ban
-Version: 0.7.7
+Version: 0.7.8
Summary: Ban IPs that make too many password failure
Home-page: http://fail2ban.sourceforge.net
Author: Cyril Jaquier
View
8 README
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.7.7) 2007/02/08
+Fail2Ban (version 0.7.8) 2007/03/21
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -28,8 +28,8 @@ Optional:
To install, just do:
-> tar xvfj fail2ban-0.7.7.tar.bz2
-> cd fail2ban-0.7.7
+> tar xvfj fail2ban-0.7.8.tar.bz2
+> cd fail2ban-0.7.8
> python setup.py install
This will install Fail2Ban into /usr/share/fail2ban. The
@@ -73,7 +73,7 @@ Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber, mEDI, Axel Thimm, Eric Gerbier
+René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch
License:
--------
View
14 TODO
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-ToDo $Revision: 540 $
+ToDo $Revision: 557 $
=============================================================
Legend:
@@ -13,16 +13,24 @@ Legend:
# partially done
* done
+- Removed relative imports
+
+- Discuss where Fail2ban should be installed (/usr/share,
+ /usr/lib/python/site-packages/, etc)
+
+- Cleanup fail2ban-client and fail2ban-server. Move code to
+ server/ and client/
+
- Add timeout to external commands (signal alarm, watchdog
thread, etc)
-- New backend: pynotify
+- New backend: pyinotify
- Uniformize filters and actions name. Use the software name
(openssh, postfix, proftp)
- Added <USER> tag for failregex. Add features using this
- information
+ information. Maybe add more tags
- Look at the memory consumption. Decrease memory usage
View
@@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
-# $Revision: 537 $
+# $Revision: 547 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 537 $"
-__date__ = "$Date: 2007-02-01 21:50:12 +0100 (Thu, 01 Feb 2007) $"
+__version__ = "$Revision: 547 $"
+__date__ = "$Date: 2007-02-12 00:21:56 +0100 (Mon, 12 Feb 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -68,13 +68,18 @@ def beautify(self, response):
msg = "Added jail " + response
elif inC[0:1] == ['status']:
if len(inC) > 1:
+ # Create IP list
+ ipList = ""
+ for ip in response[1][1][2][1]:
+ ipList += ip + " "
+ # Display information
msg = "Status for the jail: " + inC[1] + "\n"
msg = msg + "|- " + response[0][0] + "\n"
msg = msg + "| |- " + response[0][1][0][0] + ":\t" + `response[0][1][0][1]` + "\n"
msg = msg + "| `- " + response[0][1][1][0] + ":\t" + `response[0][1][1][1]` + "\n"
msg = msg + "`- " + response[1][0] + "\n"
msg = msg + " |- " + response[1][1][0][0] + ":\t" + `response[1][1][0][1]` + "\n"
- msg = msg + " | `- " + response[1][1][2][0] + ":\t" + `response[1][1][2][1]` + "\n"
+ msg = msg + " | `- " + response[1][1][2][0] + ":\t" + ipList + "\n"
msg = msg + " `- " + response[1][1][1][0] + ":\t" + `response[1][1][1][1]`
else:
msg = "Status\n"
View
@@ -16,12 +16,12 @@
# Author: Cyril Jaquier
#
-# $Revision: 543 $
+# $Revision: 561 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 543 $"
-__date__ = "$Date: 2007-02-08 22:14:01 +0100 (Thu, 08 Feb 2007) $"
+__version__ = "$Revision: 561 $"
+__date__ = "$Date: 2007-03-21 22:44:07 +0100 (Wed, 21 Mar 2007) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-version = "0.7.7"
+version = "0.7.8"
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 496 $
+# $Revision: 554 $
#
[Definition]
@@ -11,13 +11,13 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = touch <tmpfile>
+actionstart =
# Option: actionend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = rm -f <tmpfile>
+actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
@@ -0,0 +1,88 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 510 $
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = echo -en "Hi,\n
+ The jail <name> has been started successfuly.\n
+ Output will be buffered until <lines> lines are available.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
+# Option: actionend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = if [ -d <tmpfile> ]; then
+ echo -en "Hi,\n
+ These hosts have been banned by Fail2Ban.\n
+ `cat <tmpfile>`
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
+ rm <tmpfile>
+ fi
+ echo -en "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile>
+ LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
+ if [ $LINE -eq <lines> ]; then
+ echo -en "Hi,\n
+ These hosts have been banned by Fail2Ban.\n
+ `cat <tmpfile>`
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
+ rm <tmpfile>
+ fi
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Default number of lines that are buffered
+#
+lines = 5
+
+# Default temporary file
+#
+tmpfile = /tmp/fail2ban-mail.txt
+
+# Destination/Addressee of the mail
+#
+dest = root
@@ -0,0 +1,26 @@
+# Fail2Ban configuration file
+#
+# List of bad bots fetched from http://www.user-agents.org
+# Generated on Sun Feb 11 01:09:15 EST 2007 by ./badbots.sh
+#
+# Author: Yaroslav Halchenko
+#
+
+[Definition]
+
+badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02
+badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
+
+# Option: failregex
+# Notes.: Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# abovementioned bots.
+# Values: TEXT
+#
+failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
View
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 510 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
@@ -0,0 +1,29 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified: Yaroslav Halchenko for pure-ftpd
+#
+# $Revision: 3$
+#
+
+[Definition]
+
+# Error message specified in multiple languages
+__errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)
+
+#
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
+
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 510 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 532 $
+# $Revision: 551 $
#
[Definition]
@@ -15,7 +15,7 @@
# Values: TEXT
#
failregex = Authentication failure for .* from <HOST>
- Failed [-/\w+]+ for .* from <HOST>
+ Failed [-/\w]+ for .* from <HOST>
ROOT LOGIN REFUSED .* FROM <HOST>
[iI](?:llegal|nvalid) user .* from <HOST>
Oops, something went wrong.

0 comments on commit d77f67b

Please sign in to comment.