Your message dated Wed, 01 Aug 2012 01:47:10 +0000
with message-id <[email protected]>
and subject line Bug#648020: fixed in fail2ban 0.8.7-1
has caused the Debian Bug report #648020,
regarding fail2ban: sshd recipe misses pam_unix(sshd:auth):
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
648020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648020
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fail2ban
Version: 0.8.4-3
Severity: normal

Hi.

On my quite generic system a typical sshd log line looks as follows:
Nov  8 11:19:38 bar sshd[25427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fnord

The supplied regex does not take the "pam_unix(sshd:auth):" part into account.
Appended you can see my manual addition.

cu

AW


-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages fail2ban depends on:
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  python                  2.6.6-3+squeeze6 interactive high-level object-orie
ii  python-central          0.6.16+nmu1      register and build utility for Pyt

Versions of packages fail2ban recommends:
ii  iptables                      1.4.8-3    administration tools for packet fi
ii  whois                         5.0.10     an intelligent whois client

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
pn  python-gamin       <none>                (no description available)

-- Configuration Files:
/etc/fail2ban/filter.d/sshd.conf changed:
[INCLUDES]
before = common.conf
[Definition]
_daemon = sshd
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
            ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
            ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers$
            ^%(__prefix_line)s(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
            ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
ignoreregex = 

/etc/fail2ban/jail.conf changed:
[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 315360000
maxretry = 3
backend = polling
destemail = root@localhost
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
 
action = %(action_)s
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6
findtime = 4200
[pam-generic]
enabled = false
filter  = pam-generic
port = all
banaction = iptables-allports
port     = anyport
logpath  = /var/log/auth.log
maxretry = 6
[xinetd-fail]
enabled   = false
filter    = xinetd-fail
port      = all
banaction = iptables-multiport-log
logpath   = /var/log/daemon.log
maxretry  = 2
[ssh-ddos]
enabled = false
port    = ssh
filter  = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 6
[apache]
enabled = false
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-multiport]
enabled   = false
port      = http,https
filter    = apache-auth
logpath   = /var/log/apache*/*error.log
maxretry  = 6
[apache-noscript]
enabled = false
port    = http,https
filter  = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-overflows]
enabled = false
port    = http,https
filter  = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 2
[vsftpd]
enabled  = false
port     = ftp,ftp-data,ftps,ftps-data
filter   = vsftpd
logpath  = /var/log/vsftpd.log
maxretry = 6
[proftpd]
enabled  = false
port     = ftp,ftp-data,ftps,ftps-data
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log
maxretry = 6
[wuftpd]
enabled  = false
port     = ftp,ftp-data,ftps,ftps-data
filter   = wuftpd
logpath  = /var/log/auth.log
maxretry = 6
[postfix]
enabled  = false
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
[couriersmtp]
enabled  = false
port     = smtp,ssmtp
filter   = couriersmtp
logpath  = /var/log/mail.log
[courierauth]
enabled  = false
port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = courierlogin
logpath  = /var/log/mail.log
[sasl]
enabled  = false
port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = sasl
logpath  = /var/log/mail.log
[named-refused-tcp]
enabled  = false
port     = domain,953
protocol = tcp
filter   = named-refused
logpath  = /var/log/named/security.log


-- no debconf information



--- End Message ---
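
The effect of the reported addition, as an added example that is not part of the original report or of fail2ban's code: the failregex from the report is run with and without the optional pam_unix(sshd:auth): group. PREFIX_LINE and HOST are simplified stand-ins assumed here for fail2ban's %(__prefix_line)s and <HOST> expansions, and every sample line except the first is constructed.

```python
import re

# Simplified stand-ins (assumptions, not fail2ban's own definitions) for the
# two template pieces that fail2ban expands before compiling a failregex.
PREFIX_LINE = r"\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]:\s+"
HOST = r"(?P<host>\S+)"

TAIL = (r"authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* "
        r"ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$")
# Pattern from the report, with the optional pam_unix(sshd:auth): group.
WITH_PAM = r"^%(__prefix_line)s(?:pam_unix\(sshd:auth\):\s)?" + TAIL
# Same pattern without that group (constructed here for comparison).
WITHOUT_PAM = r"^%(__prefix_line)s" + TAIL

# First line is the one quoted in the report; the rest are constructed.
SAMPLES = [
    "Nov  8 11:19:38 bar sshd[25427]: pam_unix(sshd:auth): authentication "
    "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fnord",
    "Nov  8 11:19:40 bar sshd[25428]: pam_unix(sshd:auth): authentication "
    "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root",
    "Nov  8 11:19:42 bar sshd[25429]: authentication failure; logname= uid=0 "
    "euid=0 tty=ssh ruser= rhost=192.0.2.11",
    "Nov  8 11:19:44 bar sshd[25430]: Accepted password for alice from "
    "192.0.2.12 port 50022 ssh2",
]

def compile_failregex(template):
    """Expand the two placeholders and compile the resulting pattern."""
    expanded = template.replace("%(__prefix_line)s", PREFIX_LINE)
    return re.compile(expanded.replace("<HOST>", HOST))

def offending_host(template, line):
    """Return the captured host if the line counts as a failure, else None."""
    m = compile_failregex(template).search(line)
    return m.group("host") if m else None

def compare(lines=SAMPLES):
    """Per line: (host seen with the pam_unix group, host seen without it)."""
    return [(offending_host(WITH_PAM, ln), offending_host(WITHOUT_PAM, ln))
            for ln in lines]

if __name__ == "__main__":
    for line, (with_pam, without_pam) in zip(SAMPLES, compare()):
        print(f"with={with_pam!s:12} without={without_pam!s:12} {line[:60]}")
```

Lines that only the first column catches are failures that never count toward maxretry when the filter lacks the group.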
--- Begin Message ---
Source: fail2ban
Source-Version: 0.8.7-1

We believe that the bug you reported is fixed in the latest version of
fail2ban, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yaroslav Halchenko <[email protected]> (supplier of updated fail2ban package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 31 Jul 2012 16:51:40 -0400
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.7-1
Distribution: experimental
Urgency: low
Maintainer: Yaroslav Halchenko <[email protected]>
Changed-By: Yaroslav Halchenko <[email protected]>
Description: 
 fail2ban   - ban hosts that cause multiple authentication errors
Closes: 333557 481265 514239 598109 604843 616803 648020 653074 657286 669063 672228 676146
Changes: 
 fail2ban (0.8.7-1) experimental; urgency=low
 .
   * New upstream release:
     - inotify backend is supported (and the default if pyinotify is present).
       It should bring number of wakeups to minimum (Closes: #481265)
     - usedns jail.conf parameter to disable reverse DNS mapping to
       avoid of DoS (see #588431, #514239 for related discussions)
     - enforces non-unicode logging (Closes: #657286)
     - new jail "recidive" to ban repeated offenders (Closes: #333557)
     - catch failed ssh logins due to being listed in DenyUsers (Closes: #669063)
     - document in config/*.conf on how to inline comments (Closes: #676146)
     - match possibly present "pam_unix(sshd:auth):" portion for sshd
       (Closes: #648020)
     - wu-ftpd: added failregex for use against syslog. Switch to monitor syslog
       (instead of auth.log) by default (Closes: #514239)
     - anchor chain name in actioncheck's for iptables actions (Closes: #672228)
   * debian/jail.conf:
     - adopted few jails from "upstreams" jail.conf: asterisk, recidive,
       lighttpd, php-url-open
     - provide instructions in jail.conf on how to comment (Closes: #676146)
       Thanks Stefano Forli for a report
   * debian/fail2ban.init:
     - Should-(start|stop): iptables-persistent (Closes: #598109),
       ferm (Closes: #604843)
     - 'status' exits with code 3 if fail2ban is not running (Closes: #653074)
       Thanks Glenn Aaldering for the patch
   * debian/source:
     - switch to 3.0 (quilt) format
   * debian/control,rules:
     - switch to use dh_python2 (Closes: #616803)
     - boost policy compliance to 3.9.3
     - recommend python-pyinotify and only suggest python-gamin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlAYhjwACgkQjRFFY3XAJMg15QCePMCq9AFHgkgVo34DTAoJt96W
CsUAoNTK8OE+mgS9hvAWiKdhARAMQhnt
=VEf6
-----END PGP SIGNATURE-----

--- End Message ---
