Thanks!
> I wonder, is it possible to move jail/filter configuration from fail2ban
> to the respective packages?
why?
On Fri, 29 Feb 2008, Damyan Ivanov wrote:
> Package: fail2ban
> Version: 0.8.1-4
> Severity: normal
> Tags: patch
> Hi,
> It seems that Sid's version of proftpd has some changes to the logging
> compared to Etch.
> First, it now uses /var/log/auth.log instead of
> /var/log/proftpd/proftpd.log. That would require changing jail.conf and
> I am not sure how to make this compatible with older proftpd.
> Second, the log messages are a bit different. Here are the current
> patterns:
> failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
>             \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
>             \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
>             \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$
> Changes:
> 1. new proftpd no longer uses ": ", but " - " between the host and the
> error message.
> 2. The maximum login attempts message now has ", connection refused"
> appended
> 3. the "no such user" pattern after the \S+ supports only "bare" IPv4,
> while proftpd now uses ::ffff:... for that.
> Here are patterns that should work both on etch and sid:
> failregex = \(\S+\[<HOST>\]\)(?::| -) USER \S+: no such user found from \S+ \S+ to \S+:\S+$
>             \(\S+\[<HOST>\]\)(?::| -) USER \S+ \(Login failed\): Incorrect password\.$
>             \(\S+\[<HOST>\]\)(?::| -) SECURITY VIOLATION: \S+ login attempted\.$
>             \(\S+\[<HOST>\]\)(?::| -) Maximum login attempts \(\d+\) exceeded(?:, connection refused )?$
> I wonder, is it possible to move jail/filter configuration from fail2ban
> to the respective packages?
> Thanks in advance,
> dam
> -- System Information:
> Debian Release: lenny/sid
> APT prefers oldstable
> APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
> Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Versions of packages fail2ban depends on:
> ii  lsb-base        3.1-24      Linux Standard Base 3.1 init scrip
> ii  python          2.4.4-6     An interactive high-level object-o
> ii  python-central  0.5.15-0.1  register and build utility for Pyt
> Versions of packages fail2ban recommends:
> ii  iptables        1.4.0-3     administration tools for packet fi
> -- no debconf information
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
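
The three changes listed in the quoted report can be checked by running the current and the proposed patterns over log lines in both formats. This is an added example, not part of the original messages and not fail2ban code; the `<HOST>` expansion is a simplified stand-in and every log line is constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (an assumption, not fail2ban's
# own expression): optional IPv4-mapped prefix, then the address as "host".
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Patterns copied from the report, with the mail-wrapped lines rejoined.
CURRENT = [
    r"\(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$",
    r"\(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$",
    r"\(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$",
    r"\(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$",
]
PROPOSED = [
    r"\(\S+\[<HOST>\]\)(?::| -) USER \S+: no such user found from \S+ \S+ to \S+:\S+$",
    r"\(\S+\[<HOST>\]\)(?::| -) USER \S+ \(Login failed\): Incorrect password\.$",
    r"\(\S+\[<HOST>\]\)(?::| -) SECURITY VIOLATION: \S+ login attempted\.$",
    r"\(\S+\[<HOST>\]\)(?::| -) Maximum login attempts \(\d+\) exceeded(?:, connection refused )?$",
]

def compile_filter(patterns):
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]

def matched_host(compiled, line):
    """Host captured by the first matching pattern, or None if none match."""
    for rx in compiled:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

# Constructed log lines (documentation addresses; host names are made up).
ETCH = "proftpd[411]: ftp1 (client.example[192.0.2.10]): "
SID = "proftpd[411]: ftp1 (::ffff:192.0.2.10[::ffff:192.0.2.10]) - "
SAMPLES = {
    "etch no-user": ETCH + "USER bob: no such user found from client.example [192.0.2.10] to 192.0.2.1:21",
    "sid no-user": SID + "USER bob: no such user found from ::ffff:192.0.2.10 [::ffff:192.0.2.10] to ::ffff:192.0.2.1:21",
    "sid bad-pass": SID + "USER bob (Login failed): Incorrect password.",
    "etch max": ETCH + "Maximum login attempts (3) exceeded",
    "sid max": SID + "Maximum login attempts (3) exceeded, connection refused",
}

def coverage():
    cur, new = compile_filter(CURRENT), compile_filter(PROPOSED)
    return {name: (matched_host(cur, line), matched_host(new, line)) for name, line in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in coverage().items():
        print(f"{name:14} current={old!s:12} proposed={new}")
```

As the last proposed pattern reads in this message, its optional group ends with a space, so the constructed "connection refused" line matches only when it carries a trailing space; comparing against the server's real log output settles which form is needed.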