Your message dated Tue, 6 Jun 2006 11:07:22 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#370711: bashisms in init.d script, line 91
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: fail2ban
Version: 0.6.0-1
Severity: wishlist
You might note that the log file location needs to be changed for
Apache2. Although it's pretty obvious, I managed to miss it at first!
Probably a comment right after the Apache header in the config file
would be best.
It may be the case that the failure patterns for Apache2 differ from
those for Apache (v 1). If so, it would be good to provide them.
I notice a lot of probes that show up in error.log but not
access.log. They look like this:
------------------------------------------
[Sun Nov 27 07:58:26 2005] [error] [client 219.140.132.121] File does not
exist: /var/www/sfgc/cgi-bin, referer: http://www.lookquick.net/search.php
[Sun Nov 27 07:59:59 2005] [error] [client 219.140.132.121] File does not
exist: /var/www/sfgc/xml.php, referer: http://www.lookquick.net
[Sun Nov 27 08:03:45 2005] [error] [client 219.140.132.121] File does not
exist: /var/www/sfgc/cgi-bin, referer: http://orseek.com
[Sun Nov 27 08:04:14 2005] [error] [client 219.140.132.121] File does not
exist: /var/www/sfgc/xml.php, referer: http://lookquick.net/search.php
[Sun Nov 27 08:05:44 2005] [error] [client 219.140.132.121] File does not
exist: /var/www/sfgc/cgi-bin, referer: http://orseek.com
------------------------------------------
To be honest, I'm not sure if these are fairly routine indexing by
search engines, but they seemed suspicious to me. If appropriate, it
would be nice to ban on this basis too.
Finally, it seems desirable to have maxfailures and other paramaters
differ for the different sections. It's hard to tell whether this is
possible already. If it is, perhaps modify
---------------------------------------------
# password failure. Each section has to define the following
# options: logfile, fwban, fwunban, timeregex, timepattern,
# failregex.
--------------------------------------------------
in fail2ban.conf. After "password failure." add "Each section may
also redefine any of the parameters given above. The redefinition
affects that section only." Note this wording implies both [DEFAULT]
and [MAIL] parameters can be redefined, which seems best. If it's
only one, adjust accordingly.
If this feature doesn't exist, it would be nice to add it.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27advncdfs
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages fail2ban depends on:
ii iptables 1.3.3-2 Linux kernel 2.4+ iptables adminis
ii python 2.3.5-3 An interactive high-level object-o
fail2ban recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Hi Martin,
This bashism was removed in 0.6.1-8 which has been in unstable for a few
days already. Thus I'm closing this bugreport. Thank you for boosting my
carma ;-)
Relevant changelog is
fail2ban (0.6.1-8) unstable; urgency=low
* Removed bashism (arrays) from init.d script to make it POSIX shell
complient (closes: #368218)
* Added new proftpd section
* Added new saslauthd section. Thanks to martin f krafft
<[EMAIL PROTECTED]> (closes: #369483)
* Mentioned apache2 log file in Other. comment field for FILE in
apache section. Nothing has to be changed besides the logfile path to
work with apache2 (closes: #342144)
-- Yaroslav Halchenko <[EMAIL PROTECTED]> Mon, 22 May 2006 15:37:17 -0400
P.S. BTW I am closing "fixed" relevant NMU fixed (sponsor upload) bugs
> Please either get rid of the array and duplicate code, so that the
> script can be run with dash, or use /bin/bash in the first line
> (which would be acceptable but not preferable).
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
pgphfHrBKsVWc.pgp
Description: PGP signature
--- End Message ---
