Package: fail2ban
Version: 0.8.4-3
Severity: normal
The fix for http://bugs.debian.org/537773 causes a problem if user has
configured a logtarget other than /var/log/fail2ban.log in
/etc/fail2ban/fail2ban.conf. As you can see below, I have logtarget
set to SYSLOG. So when logrotate runs for fail2ban with
/etc/logrotate.d/fail2ban, the logtarget is set to a file, which I do
not want.
I'm not sure what the best fix for this is.
Personally, I will just remove /etc/logrotate.d/fail2ban, since
nothing needs to happen--my syslog rotation is already taken care of
by /etc/logrotate.d/rsyslog.
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-x86_64-linode18 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fail2ban depends on:
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii python 2.6.6-3+squeeze6 interactive high-level object-orie
ii python-central 0.6.16+nmu1 register and build utility for Pyt
Versions of packages fail2ban recommends:
ii iptables 1.4.8-3 administration tools for packet fi
ii whois 5.0.10 an intelligent whois client
Versions of packages fail2ban suggests:
ii bsd-mailx [mailx] 8.1.2-0.20100314cvs-1 simple mail user agent
ii python-gamin 0.1.10-2+b1 Python binding for the gamin clien
-- Configuration Files:
/etc/fail2ban/fail2ban.conf changed:
[Definition]
loglevel = 3
logtarget = SYSLOG
socket = /var/run/fail2ban/fail2ban.sock
/etc/fail2ban/jail.conf changed:
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 600
maxretry = 3
backend = auto
destemail = r...@kenyonralph.com
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s",
protocol="%(protocol)s]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s",
logpath=%(logpath)s]
action = %(action_)s
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[pam-generic]
enabled = false
filter = pam-generic
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
[xinetd-fail]
enabled = false
filter = xinetd-fail
port = all
banaction = iptables-multiport-log
logpath = /var/log/daemon.log
maxretry = 2
[ssh-ddos]
enabled = false
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-multiport]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-noscript]
enabled = false
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-overflows]
enabled = false
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 2
[vsftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = vsftpd
logpath = /var/log/vsftpd.log
maxretry = 6
[proftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
[wuftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 6
[postfix]
enabled = false
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
[couriersmtp]
enabled = false
port = smtp,ssmtp
filter = couriersmtp
logpath = /var/log/mail.log
[courierauth]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
[sasl]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl
logpath = /var/log/mail.log
[named-refused-tcp]
enabled = false
port = domain,953
protocol = tcp
filter = named-refused
logpath = /var/log/named/security.log
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
