Debian
fail2ban package

lp:debian/wheezy/fail2ban

  1. Wheezy (7.0)
  2. wheezy
Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/wheezy/fail2ban
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

25. By Yaroslav Halchenko

* Use anchored failregex for filters to avoid possible DoS. Manually
  picked up from the current status of 0.8 branch (as of
  0.8.13-29-g09b2016):
  - CVE-2013-7176: postfix.conf - anchored on the front, expects
    "postfix/smtpd" prefix in the log line
  - CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
    refactored to have a single failregex
  - couriersmtp.conf - anchored on both sides
  - exim.conf - front-anchored versions picked up from exim.conf
    and exim-spam.conf
  - lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf

24. By Yaroslav Halchenko

Anchor apache- filters failregexes to avoid possible DoS on servers
which enabled corresponding jails. Fix cherry-picked from upstream
0.8.9-29-g6ccd578 . See http://seclists.org/fulldisclosure/2013/Jun/66

23. By Yaroslav Halchenko

* CVE-2012-5642: Escape the content of <matches> since its value could
  contain arbitrary symbols (Closes: #696184)
* Since package source format remained 1.0, manpages patch
  (deb_manpages_reportbug) was not applied -- fold it into .diff.gz

22. By Yaroslav Halchenko

* Added dovecot section to Debian's jail.conf. Thanks to Laurent
  Léonard (Closes: #655182)
* init.d script now returns non-0 exit codes upon status command
  with not running / failed to connect server. Thanks to
  Glenn Aaldering for the patch

21. By Yaroslav Halchenko

* Added pure-ftpd section to Debian's jail.conf. Thanks to Laurent
  Léonard (Closes: #654412)
* Enhancement: action to use /proc/net/xt_recent and run f2b as a normal
  user. Many many thanks to Zbyszek Szmek (Closes: #602016)

20. By Yaroslav Halchenko

* [1efe1bc] Fresh upstream release (Closes: #648324)
* Boosted policy compliance to 3.9.2 -- no changes
* Adjusted debian/watch to fetch tarballs from github

19. By Yaroslav Halchenko

[5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock
server's executeCmd to prevent racing among iptables calls (Closes:
#554162) Many kudos go to Michael Saavedra for the patch

18. By Yaroslav Halchenko

* [de95777] Fresh upstream release FAIL2BAN-0_8_5:
  - [00e1827] BF: use addfailregex instead of failregex while processing
    per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
    Thanks Marat Khayrullin for the patch and Daniel T Chen for forwarding to
    Debian.
* [1cbdafc] Set backend to auto and recommends python-gamin (Closes: #524425)
* [ef449f4] Added a note on diverting logrotate configuration for custom
  logtarget=SYSLOG (Closes: #631917). Thanks Kenyon Ralph for report

17. By Yaroslav Halchenko

* Fresh upstream snapshot which absorbed some of the patches from Debian
  and
  - [c6d64e9] debug entry for lines ignored due to falling below
    findtime (v2)
  - [fc20f12] Tai64N stores time in GMT, we need to convert to
    local time before returning
  - [b0331bb] default ignoreip to ignore entire loopback zone (/8)
    (Closes: #598200)
  - [b9f15f6] ENH: dovecot filter
  - [69165b1] ENH: add <chain> to action.d/iptables*. Thanks
    Matthijs Kooijman
  - [8330a20] ENH: make filter.d/apache-overflows.conf catch more
    (Closes: #574182)
  - [66cc6cb] BF: allow space in the trailing of failregex for sasl.conf
    (Closes: #573314)
  - [2714019] ENH: dropbear filter (Closes: #546913)
  - [ea7d352] BF: Use /var/run/fail2ban instead of /tmp for temp files in
    actions (Closes: #544232)
* debian/jail.conf:
  - [bc8e22d] spellcheck (Closes: #598206). Thanks Christoph Anton Mitterer
  - [d7f3e23] adjusted description for sasl jail (Closes: #615952)
  - [92fb484] debian/jail.conf: closing " for protocol specification
  - [f828c31] debian/jail.conf: got 'chain' parameter to be specified for
    iptables actions (Closes: #515599)
* debian/control:
  - [858af30] slight rewordings of the long description (Closes: #588176)
  - [167dfd4] Boosted policy compliance version to 3.9.1 (no changes seems
    to be due)
* [4e1e845] debian/copyright: updated copyright years

16. By Yaroslav Halchenko

* Commenting out named-refused-udp jail and providing even fatter
  WARNING against using it (Closes: #583364)
* Merging upstream's commit for fixing missing import

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/fail2ban
This branch contains Public information 
Everyone can see this information.

Subscribers