Package: fail2ban
Version: 0.8.1-3
Severity: normal
Tags: patch

The failregex doesn't match the incorrect password event ": USER ... (Login failed)". Also, the failregex doesn't match the root login attempts "SECURITY VIOLATION". I also added a general proftpd authentication error, "Maximum login attempts". I suggest the following failregex for the rule /etc/fail2ban/filter.d/proftpd.conf:

failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
            \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
            \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
            \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (560, 'testing'), (550, 'testing'), (540, 'testing-proposed-updates'), (260, 'stable'), (250, 'stable'), (240, 'proposed-updates'), (50, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.ISO-8859-15, LC_CTYPE=ISO_8859_15 (charmap=ISO-8859-1) (ignored: LC_ALL set to it_IT)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  lsb-base        3.1-24            Linux Standard Base 3.1 init scrip
ii  python          2.4.4-6           An interactive high-level object-o
ii  python-central  0.5.15            register and build utility for Pyt

Versions of packages fail2ban recommends:
ii  iptables        1.3.8.0debian1-1  administration tools for packet fi

-- no debconf information
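
Added example (not part of the original report and not fail2ban's own code): a Python check that runs the four proposed failregex lines over constructed proftpd log lines and tallies failures per source host. The <HOST> replacement, the log lines, the host names and the addresses are assumptions made for illustration.

```python
import re

# The four failregex lines proposed in the report, copied verbatim.
FAILREGEX = [
    r"\(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$",
    r"\(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$",
    r"\(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$",
    r"\(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$",
]

# Assumption: simplified IPv4-only stand-in for the named group that
# fail2ban substitutes for <HOST>; the real expansion is broader.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in FAILREGEX]

# Constructed log lines (documentation addresses, invented names).
SAMPLE_LOG = [
    "Jan 10 00:00:01 ftp1 proftpd[2001]: ftp1.example.org (192.0.2.10[192.0.2.10]): USER bob: no such user found from 192.0.2.10 [192.0.2.10] to 198.51.100.5:21",
    "Jan 10 00:00:05 ftp1 proftpd[2002]: ftp1.example.org (192.0.2.10[192.0.2.10]): USER alice (Login failed): Incorrect password.",
    "Jan 10 00:01:10 ftp1 proftpd[2003]: ftp1.example.org (203.0.113.7[203.0.113.7]): SECURITY VIOLATION: root login attempted.",
    "Jan 10 00:01:12 ftp1 proftpd[2003]: ftp1.example.org (203.0.113.7[203.0.113.7]): Maximum login attempts (3) exceeded",
    "Jan 10 00:02:00 ftp1 proftpd[2004]: ftp1.example.org (198.51.100.9[198.51.100.9]): USER alice: Login successful.",
    "Jan 10 00:02:30 ftp1 proftpd[2005]: ftp1.example.org (203.0.113.7[203.0.113.7]): Maximum login attempts (3) exceeded, connection refused",
]

def find_failure(line):
    """Return (rule_index, host) for the first matching failregex, else None."""
    for idx, rx in enumerate(COMPILED):
        m = rx.search(line.rstrip("\n"))
        if m:
            return idx, m.group("host")
    return None

def count_failures(lines):
    """Tally matched failures per source host, the input to a ban decision."""
    counts = {}
    for line in lines:
        hit = find_failure(line)
        if hit:
            counts[hit[1]] = counts.get(hit[1], 0) + 1
    return counts

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(find_failure(line), "<-", line[-60:])
    print(count_failures(SAMPLE_LOG))
```

The last constructed line is not counted: the trailing `$` anchor means any text after "exceeded" stops the rule from matching, so the anchored rules need re-testing whenever the daemon's message wording changes.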