Package: fail2ban
Version: 0.8.3-2sid1
Severity: important
Tags: patch
Fail2ban fails detecting potential attacks to the proftpd daemon, due to a
syntax error in the filter /etc/fail2ban/filter.d.
To fix this problem you just need to edit /etc/fail2ban/filter.d and change it
as follows:
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+
\[\S+\] to \S+:\S+$
\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect
password\.$
\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
becomes:
failregex = \(\S+\[<HOST>\]\)[: ]+ USER \S+: no such user found from \S+
\[\S+\] to \S+:\S+$
\(\S+\[<HOST>\]\)[: ]+ USER \S+ \(Login failed\): Incorrect
password\.$
\(\S+\[<HOST>\]\)[: ]+ SECURITY VIOLATION: \S+ login attempted\.$
\(\S+\[<HOST>\]\)[: ]+ Maximum login attempts \(\d+\) exceeded$
After doing that, just restart Fail2ban daemon:
# /etc/init.d/fail2ban restart
Bye,
Ivan Agliardi
-- System Information:
Debian Release: 5.0.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages fail2ban depends on:
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii python 2.5.2-3 An interactive high-level object-o
ii python-central 0.6.8 register and build utility for Pyt
Versions of packages fail2ban recommends:
ii iptables 1.4.2-6 administration tools for packet fi
ii whois 4.7.30 an intelligent whois client
Versions of packages fail2ban suggests:
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii mailx 1:20071201-3 Transitional package for mailx ren
pn python-gamin <none> (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
