Your message dated Fri, 23 Nov 2007 18:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#451093: fixed in fail2ban 0.8.1-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: fail2ban
Version: 0.8.1-2
Severity: wishlist

The filters:

    /etc/fail2ban/filter.d/sshd.conf
    /etc/fail2ban/filter.d/sshd-ddos.conf

don't trigger the IP addresses blocked by the /etc/hosts.deny file. I think it is desirable that fail2ban identify these attempts.

I've added the following line to sshd.conf:

    failregex = refused connect from <HOST>\s

that correctly works with:

    Nov 13 03:42:11 Server sshd[4240]: refused connect from ::ffff:210.21.243.47 (::ffff:210.21.243.47)

but doesn't work with the following line, from my auth.log:

    Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)

The error in the fail2ban.log file is:

    2007-11-12 14:16:33,923 fail2ban.filter : WARNING Unable to find a corresponding IP address for _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161

I think that the "<HOST>" macro on filters is bad. I also tried with "<host>" but without any success.

My configuration files are:

jail.local:

    [ssh]
    maxretry = 2
    protocol = tcp

sshd.local:

    [Definition]
    failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
                Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
                ROOT LOGIN REFUSED.* FROM <HOST>\s*$
                [iI](?:llegal|nvalid) user .* from <HOST>\s*$
                User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
                User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
                refused connect from <HOST>\s
    ignoreregex =

Thank you for your attention and thank you for maintaining the package.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (560, 'testing'), (545, 'testing-proposed-updates'), (540, 'testing'), (460, 'stable'), (445, 'proposed-updates'), (440, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  iptables        1.3.8.0debian1-1  administration tools for packet fi
ii  lsb-base        3.1-24            Linux Standard Base 3.1 init scrip
ii  python          2.4.4-6           An interactive high-level object-o
ii  python-central  0.5.15            register and build utility for Pyt

fail2ban recommends no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: fail2ban
Source-Version: 0.8.1-3

We believe that the bug you reported is fixed in the latest version of fail2ban, which is due to be installed in the Debian FTP archive:

fail2ban_0.8.1-3.diff.gz
  to pool/main/f/fail2ban/fail2ban_0.8.1-3.diff.gz
fail2ban_0.8.1-3.dsc
  to pool/main/f/fail2ban/fail2ban_0.8.1-3.dsc
fail2ban_0.8.1-3_all.deb
  to pool/main/f/fail2ban/fail2ban_0.8.1-3_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yaroslav Halchenko <[EMAIL PROTECTED]> (supplier of updated fail2ban package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Nov 2007 11:42:24 -0500
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.1-3
Distribution: unstable
Urgency: low
Maintainer: Yaroslav Halchenko <[EMAIL PROTECTED]>
Changed-By: Yaroslav Halchenko <[EMAIL PROTECTED]>
Description:
 fail2ban   - bans IPs that cause multiple authentication errors
Closes: 436053 451093
Changes:
 fail2ban (0.8.1-3) unstable; urgency=low
 .
   * Added Vcs- fields, moved Homepage into source header's field
   * Propagated patch from 0.9 upstream branch: "Replaced ssocket.py with
     asyncore/asynchat implementation. Correct fix for bug #1769616. That is
     supposed to resolve spontaneous 100% CPU utilization by fail2ban-server."
   * BF: removed sftp from ssh jails (closes: #436053)
   * NF: new filter for 'refused connect' (closes: #451093).
     Thanks Guido Bozzetto
   * Moved iptables into recommends since fail2ban can work without iptables
     using some other action (e.g hosts.deny)
Files:
 06f1151c70e8c21742c12af682eadcc3 805 net optional fail2ban_0.8.1-3.dsc
 05383ef4e31c63c76e29d23aced94e65 27120 net optional fail2ban_0.8.1-3.diff.gz
 e308ba7dac8cd59f5fddb2abeb93cda4 78410 net optional fail2ban_0.8.1-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHRxRjjRFFY3XAJMgRApaOAJsFRAkwg1cxNPtdEL8yKlqwPC5vlwCeIPeO
WbI3iporwENf4ZNlQ4PUssM=
=d18G
-----END PGP SIGNATURE-----
--- End Message ---
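
The failure described in the bug report, reproduced as an added example (not code from the reporter, the maintainer or fail2ban itself). It runs the reporter's `refused connect from <HOST>\s` pattern over the two auth.log lines quoted in the report, then a variant that captures the address repeated in parentheses. The `HOST` expansion and the `ANCHORED` pattern are assumptions made for illustration, not the macro or filter shipped in any fail2ban release.

```python
import ipaddress
import re

# Assumption: a stand-in for fail2ban's <HOST> macro (optional IPv4-mapped
# prefix, then one non-space token captured as "host"). Not fail2ban's code.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The pattern from the bug report, and a hypothetical variant that skips the
# client token and captures the address logged in parentheses after it.
REPORTED = r"refused connect from <HOST>\s"
ANCHORED = r"refused connect from \S+ \(<HOST>\)\s*$"

# The two auth.log lines quoted in the bug report.
LOG_PLAIN = ("Nov 13 03:42:11 Server sshd[4240]: refused connect from "
             "::ffff:210.21.243.47 (::ffff:210.21.243.47)")
LOG_USER = ("Nov 11 23:33:27 Server sshd[5174]: refused connect from "
            "_U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@"
            "::ffff:218.249.210.161 (::ffff:218.249.210.161)")


def extract_ip(failregex, line):
    """Return the address a filter would act on, or None.

    None means the regex did not match, or the captured token is not an IP
    literal. No DNS lookup is attempted, so a non-literal token is rejected
    here in the same place the report's WARNING was logged.
    """
    match = re.search(failregex.replace("<HOST>", HOST), line)
    if match is None:
        return None
    try:
        return str(ipaddress.ip_address(match.group("host")))
    except ValueError:
        return None


if __name__ == "__main__":
    for name, pattern in (("reported", REPORTED), ("anchored", ANCHORED)):
        for line in (LOG_PLAIN, LOG_USER):
            print(name, "->", extract_ip(pattern, line))
```

With the reported pattern the second line captures the whole `name@address` token, which is why no IP address could be found for it; anchoring on the parenthesised field yields the address for both lines.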

