On Sat, Oct 01, 2005 at 03:04:20AM -0400, Yaroslav Halchenko wrote:
> Hi Joshua,
>
> Thank you for your feedback. If you have a moment
> could you please give a try to the "fixed" revision. I've placed in
> changelog entry which states that it is necessary to update config file
> to have the breach closed
>
> http://itanix.rutgers.edu/rumba/dists/unstable/perspect/binary-all/net/fail2ban_0.5.4-5pre1_all.deb
>
> Do you think that the solution I've proposed is sufficient to close the
> bug?

Hi Yaroslav, sorry for my uselessly late reply.

The approach should work but I have two concerns. Please consider them yourself.

1) The package does not on install make it clear (at least with my Debian configuration) that replacing the configuration file is necessary to close the bug. I'm not even sure how this would be done in the Debian world, save perhaps an email to the system owner?

2) The regex is not verifiable nor even understandable by me. I accept that sophisticated regex has its place, but it is effectively a bit of a programming language, and I think config files should not really contain significant chunks of code, especially ones that are moderately opaque. I'm sure I could go to some effort to read the Python regex docs to find out what is going on there, but I was hoping for something that would be apparent to any admin so it could be vetted and/or updated as necessary.

Is this a reasonable approach?

1) Regex which identifies a false login. This can be as simple as before. If someone logs in as "illegal user" to create a false positive, so be it.

2) Second pattern which simply identifies the IP address component of the line.

I think these can both be kept simple.

Should I be sending these to the upstream author, or will he/she probably see all this anyway?

Aside: Many thanks to my Debian maintainers. I should buy you all a beer.

-josh
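
The two-pattern approach proposed in the message above, sketched in Python as an added example; it is not fail2ban's code or configuration and not from either correspondent. The pattern names, helper functions and log lines are constructed for illustration, and taking the last address on the line is an assumption of this sketch.

```python
import ipaddress
import re

# Pattern 1: does the line report a failed login? Deliberately simple.
FAILURE = re.compile(r"Failed password|Illegal user")
# Pattern 2: anything shaped like a dotted-quad IPv4 address.
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def offending_ip(line):
    """Return the peer address of a failed-login line, or None."""
    if not FAILURE.search(line):
        return None
    candidates = IPV4.findall(line)
    if not candidates:
        return None
    # Assumption: sshd writes the peer address after the user name,
    # so the last candidate on the line is the one to act on.
    try:
        return str(ipaddress.ip_address(candidates[-1]))
    except ValueError:  # e.g. 999.1.1.1 looks like an address but is not one
        return None


def count_failures(lines):
    """Tally failed logins per peer address."""
    counts = {}
    for line in lines:
        ip = offending_ip(line)
        if ip is not None:
            counts[ip] = counts.get(ip, 0) + 1
    return counts


# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "Oct  1 03:04:20 host sshd[1234]: Illegal user admin from 192.0.2.10",
    "Oct  1 03:04:22 host sshd[1234]: Failed password for illegal user admin"
    " from 192.0.2.10 port 4321 ssh2",
    "Oct  1 03:05:00 host sshd[1240]: Accepted password for josh"
    " from 198.51.100.7 port 5555 ssh2",
    # User name is literally "illegal user": still counted against the peer.
    "Oct  1 03:06:00 host sshd[1250]: Failed password for illegal user"
    " illegal user from 203.0.113.5 port 4400 ssh2",
    "Oct  1 03:07:00 host sshd[1260]: Failed password for root from UNKNOWN",
]

if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG))
```

Each pattern can be read and vetted on its own: the first decides whether a line counts, the second only locates the address.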