Your message dated Sat, 16 Nov 2013 22:46:02 -0500
with message-id <[email protected]>
and subject line somewhat stale report -- no further information was
provided... proftpd needs time parsing fix (submitted upstream before get into
debian)
has caused the Debian Bug report #605661,
regarding fail2ban: fails detecting potential attacks to proftpd
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
605661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605661
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fail2ban
Version: 0.8.3-2sid1
Severity: important
Tags: patch
Fail2ban fails detecting potential attacks to the proftpd daemon, due to a
syntax error in the filter /etc/fail2ban/filter.d.
To fix this problem you just need to edit /etc/fail2ban/filter.d and change it
as follows:
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+
\[\S+\] to \S+:\S+$
\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect
password\.$
\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
becomes:
failregex = \(\S+\[<HOST>\]\)[: ]+ USER \S+: no such user found from \S+
\[\S+\] to \S+:\S+$
\(\S+\[<HOST>\]\)[: ]+ USER \S+ \(Login failed\): Incorrect
password\.$
\(\S+\[<HOST>\]\)[: ]+ SECURITY VIOLATION: \S+ login attempted\.$
\(\S+\[<HOST>\]\)[: ]+ Maximum login attempts \(\d+\) exceeded$
After doing that, just restart Fail2ban daemon:
# /etc/init.d/fail2ban restart
Bye,
Ivan Agliardi
-- System Information:
Debian Release: 5.0.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages fail2ban depends on:
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii python 2.5.2-3 An interactive high-level object-o
ii python-central 0.6.8 register and build utility for Pyt
Versions of packages fail2ban recommends:
ii iptables 1.4.2-6 administration tools for packet fi
ii whois 4.7.30 an intelligent whois client
Versions of packages fail2ban suggests:
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii mailx 1:20071201-3 Transitional package for mailx ren
pn python-gamin <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
cheers
--
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
--- End Message ---
