NB cross-posting to fail2ban mailing list to seek more feedback
GOOD CALL -- although -w wouldn't be the one to catch it since it would
stop at '-', e.g.:
novo# iptables -L -n -v | grep -w fail2ban
0 0 fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
but we could anchor it with '\s'
novo# iptables -L -n -v | grep 'fail2ban\s'
novo# iptables -L -n -v | grep 'fail2ban-ssh\s'
0 0 fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
but I cannot find a description of \s in man grep and moreover
http://stackoverflow.com/questions/4233159/grep-regex-whitespace-behavior
suggests following a more bullet-proof [ \t]
I will probably commit this upstream some time soon and see what people say
Could you describe why this deserves 'important' instead of a 'normal'
severity? IMHO it is just normal and would reveal itself only in a limited set
of cases, when it would probably trigger reinitialization of all chains anyway,
returning state to correct operation.
thanks again
On Wed, 09 May 2012, Szépe Viktor wrote:
> Package: fail2ban
> Version: 0.8.4-3
> Severity: important
> Tags: lenny
> originally: iptables -n -L INPUT | grep -q fail2ban-<name>
> I think grep needs a "-w". E.g. "ssh" and "ssh-ddos"
--
Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
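
Added example, not part of the original message or of fail2ban's own code: the three forms of the chain-existence check discussed above (plain grep, grep -w, and a trailing-whitespace anchor), run against constructed `iptables -n -L INPUT` listings for the "ssh" and "ssh-ddos" jails from the report. The function names and sample listings are assumptions, and the anchor is written with the POSIX class [[:space:]].

```shell
#!/bin/sh
# Constructed `iptables -n -L INPUT` output (not captured from a real host).
# ONLY_DDOS: the ssh-ddos jail's chain is referenced, the ssh jail's is not.
ONLY_DDOS='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh-ddos  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22'
# BOTH: both jails' chains are referenced.
BOTH="$ONLY_DDOS
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22"

# Each check takes <jail name> <iptables listing>; exit status 0 = "chain found".
# Function names are hypothetical.

# Form from the bug report: substring match, so "ssh" also hits "ssh-ddos".
check_plain()    { printf '%s\n' "$2" | grep -q  "fail2ban-$1"; }

# grep -w: '-' is not a word character, so the match may still end before "-ddos".
check_word()     { printf '%s\n' "$2" | grep -qw "fail2ban-$1"; }

# Chain name must be followed by whitespace. Inside a grep bracket expression a
# backslash is literal, so the tab is covered with the POSIX class instead.
check_anchored() { printf '%s\n' "$2" | grep -q  "fail2ban-$1[[:space:]]"; }

# Print the verdict of every check for one jail against one listing.
report() {
    for check in check_plain check_word check_anchored; do
        if "$check" "$1" "$2"; then r=found; else r=absent; fi
        printf '%-15s jail=%-9s %s\n' "$check" "$1" "$r"
    done
}

report ssh      "$ONLY_DDOS"   # only the anchored form reports "absent"
report ssh-ddos "$ONLY_DDOS"   # all three report "found"
report ssh      "$BOTH"        # all three report "found"
```

Only the first `report` call shows a difference between the forms: with just the ssh-ddos chain present, the plain and -w checks both conclude that the ssh chain exists.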