Bug#513953: marked as done (additional filters)

[Debian Bug Tracking System]

Your message dated Thu, 09 Jul 2009 06:02:04 +0000
with message-id <e1momho-0005zg...@ries.debian.org>
and subject line Bug#513953: fixed in fail2ban 0.8.3-6
has caused the Debian Bug report #513953,
regarding additional filters
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
513953: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513953
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: fail2ban
Version: 0.8.3-3
Severity: wishlist
Tags: patch

Hi Yaroslav,

maybe you will have a look into the following filter templates, which I'm 
using with 0.8.3-1~bpo40+1 since some time.

Thanks and with kind regards, Jan.
-- 
Never write mail to <w...@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------

# Fail2Ban configuration file
#
# Author: Jan Wagner <w...@cyconet.org>
#
# $Revision: 551 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = : badlogin: .*\[<HOST>\] plaintext .*SASL\(-13\): authentication 
failure: checkpass failed$
            : badlogin: .*\[<HOST>\] LOGIN \[SASL\(-13\): authentication 
failure: checkpass failed\]$
            : badlogin: .*\[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): 
authentication failure: incorrect (?:digest|NTLM) response\]$
            : badlogin: .*\[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication 
failure: client response doesn't match what we generated\]$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex = 

# Fail2Ban configuration file
#
# Author: Jan Wagner <w...@cyconet.org>
#
# $Revision: 331 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching.
# Values: TEXT
#
failregex = : badlogin: .*\[<HOST>\] (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) 
authentication failure$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex = 

pgpk1yyWH1spx.pgp
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: fail2ban
Source-Version: 0.8.3-6

We believe that the bug you reported is fixed in the latest version of
fail2ban, which is due to be installed in the Debian FTP archive:

fail2ban_0.8.3-6.diff.gz
  to pool/main/f/fail2ban/fail2ban_0.8.3-6.diff.gz
fail2ban_0.8.3-6.dsc
  to pool/main/f/fail2ban/fail2ban_0.8.3-6.dsc
fail2ban_0.8.3-6_all.deb
  to pool/main/f/fail2ban/fail2ban_0.8.3-6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yaroslav Halchenko <deb...@onerussian.com> (supplier of updated fail2ban 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 09 Jul 2009 01:08:40 -0400
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.3-6
Distribution: unstable
Urgency: low
Maintainer: Yaroslav Halchenko <deb...@onerussian.com>
Changed-By: Yaroslav Halchenko <deb...@onerussian.com>
Description: 
 fail2ban   - bans IPs that cause multiple authentication errors
Closes: 500824 507986 507990 512193 513953 514163 519557 530078
Changes: 
 fail2ban (0.8.3-6) unstable; urgency=low
 .
   * Time to shake the ground with upload to unstable.
   * Merged upstream's development as of SVN revision 732:
      - Fixed maxretry/findtime rate. Many thanks to Christos Psonis.
        Tracker #2019714.
      - Made the named-refused regex a bit less restrictive in order to match
        logs with "view". Thanks to Stephen Gildea.
      - Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100%
        correct fix but seems to work. Tracker #2500276.
      - Changed <HOST> template to be more restrictive (closes: #514163).
      - Added cyrus-imap and sieve filters. Thanks to Jan Wagner.  (closes:
        #513953).
      - Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh
        log (closes: #512193).
      - Added missing semi-colon in the bind9 example. Thanks to Yaroslav
        Halchenko.
      - Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
        #2484115.
      - Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
        (closes: #507990)
      - Added CPanel date format. Thanks to David Collins. Tracker #1967610.
      - Added nagios script. Thanks to Sebastian Mueller.
      - Removed print.
      - Removed begin-line anchor for "standard" timestamp (closes: #500824)
      - Remove socket file on startup is fail2ban crashed. Thanks to Detlef
        Reichelt.
   * Added a comment into Debian-shipped jail.conf about sasl logpath -- it
     might preferable to monitor warn.log in case of postfix (To complete react
     to #507990) (git branch up/fixes). Also added sasl example log file (git
     branch up/log_examples).
   * Removing minor bashism in ipmasq example file (closes: #530078).
     Thanks Raphael Geissert (git branch up/ipmasq)
   * Allow for trailing spaces in proftpd logs (closes: #507986)
     (git branch up/fixes).
   * Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
     (git branch up/fixes).
   * Adjusted Git-vcs field to point to git:// .
   * Thanks lintian fixes:
     - Boosted policy to 3.8.2 (no changes are due).
     - Boosted debhelper compatibility to 5.
     - Misspell in README.Debian
     - Removing stale /var/run/fail2ban from dirs -- should be created by
       init script
Checksums-Sha1: 
 1e55684a17db058ab5c2698cec4592a431dd1014 1196 fail2ban_0.8.3-6.dsc
 d58a6dc0de62a139127755adfcb5c6c2058d848c 47660 fail2ban_0.8.3-6.diff.gz
 d2055e7e153b905a72d9e304d1879e6bd1924592 92332 fail2ban_0.8.3-6_all.deb
Checksums-Sha256: 
 6f7b0933473b9a2f7a889f4fd5ae8ad91c283fd1ed15b4753da86a2bff8c67b5 1196 
fail2ban_0.8.3-6.dsc
 3237a4ac043470a519099dc2ed92f4d8571d75ae56fc10ce198747716a120ed0 47660 
fail2ban_0.8.3-6.diff.gz
 745ffffd51ea92baf9549f0ab5cd1cb1a8a2b50ced5f2e891ce76db2cd97b6d8 92332 
fail2ban_0.8.3-6_all.deb
Files: 
 cbdcc0c552dc9b7531fe8af98c4f11e2 1196 net optional fail2ban_0.8.3-6.dsc
 128fb35873a015e58084084a03740224 47660 net optional fail2ban_0.8.3-6.diff.gz
 786b3c4a7d3fb2313d6a7c4cde8b831a 92332 net optional fail2ban_0.8.3-6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpVhlMACgkQjRFFY3XAJMgR+gCgxr0OhPstTCZhdLpaAYBk+c7t
bLsAnA4R4i4hx5pkYDK3cs90XC7pg6Kt
=OPgc
-----END PGP SIGNATURE-----

--- End Message ---