smeserver-fail2ban/contribs10/smeserver-fail2ban-0.1.18-bz11586-serverfailstostart.patch

diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh      2021-05-24 23:08:25.925992313 -0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh  2021-05-24 23:21:04.000000000 -0400
@@ -9,7 +9,7 @@
 [ssh]
 enabled  = true
 filter   = sshd
-logpath  = /var/log/sshd/current
+logpath  = /var/log/sshd/sshd.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF
 
@@ -21,7 +21,7 @@
 [ssh-ddos]
 enabled  = true
 filter   = sshd-ddos
-logpath  = /var/log/sshd/current
+logpath  = /var/log/sshd/sshd.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF
 
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot  2021-05-24 23:08:25.925992313 -0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot      2021-05-24 23:23:10.000000000 -0400
@@ -15,7 +15,7 @@
 [imap]
 enabled  = true
 filter   = dovecot
-logpath  = /var/log/dovecot/current
+logpath  = /var/log/dovecot/dovecot.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF
 
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd  2021-05-24 23:08:25.925992313 -0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd      2021-05-24 23:27:39.000000000 -0400
@@ -1,12 +1,12 @@
 {
 
-my $status = $smtpd{'status'} || 'disabled';
+my $status = $sqpsmtpd{'status'} || 'disabled';
 my $f2b = $qpsmtpd{'Fail2Ban'} || 'enabled';
 return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
-push @ports, ($smtpd{'TCPPort'} || '25');
-push @ports, ($ssmtpd{'TCPPort'} || '465')
-  if (($ssmtpd{'status'} || 'disabled') eq 'enabled');
+push @ports, ($qpsmtpd{'TCPPort'} || '25');
+push @ports, ($sqpsmtpd{'TCPPort'} || '465')
+  if (($sqpsmtpd{'status'} || 'disabled') eq 'enabled');
 my $port = join (",", @ports);
 
 my $max = $maxretry*3;
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf     1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf 2021-05-24 23:14:31.000000000 -0400
@@ -0,0 +1,28 @@
+# Fail2Ban ssh filter for at attempted exploit
+#
+# The regex here also relates to a exploit:
+#
+#  http://www.securityfocus.com/bid/17958/exploit
+#  The example code here shows the pushing of the exploit straight after
+#  reading the server version. This is where the client version string normally
+#  pushed. As such the server will read this unparsible information as
+#  "Did not receive identification string".
+# Author: Yaroslav Halchenko
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
+
+ignoreregex =.
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
1	terryfage	1.1	diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
2			--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh 2021-05-24 23:08:25.925992313 -0400
3			+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh 2021-05-24 23:21:04.000000000 -0400
4			@@ -9,7 +9,7 @@
5			[ssh]
6			enabled = true
7			filter = sshd
8			-logpath = /var/log/sshd/current
9			+logpath = /var/log/sshd/sshd.log
10			action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
11			EOF
12
13			@@ -21,7 +21,7 @@
14			[ssh-ddos]
15			enabled = true
16			filter = sshd-ddos
17			-logpath = /var/log/sshd/current
18			+logpath = /var/log/sshd/sshd.log
19			action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
20			EOF
21
22			diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
23			--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot 2021-05-24 23:08:25.925992313 -0400
24			+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot 2021-05-24 23:23:10.000000000 -0400
25			@@ -15,7 +15,7 @@
26			[imap]
27			enabled = true
28			filter = dovecot
29			-logpath = /var/log/dovecot/current
30			+logpath = /var/log/dovecot/dovecot.log
31			action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
32			EOF
33
34			diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
35			--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd 2021-05-24 23:08:25.925992313 -0400
36			+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd 2021-05-24 23:27:39.000000000 -0400
37			@@ -1,12 +1,12 @@
38			{
39
40			-my $status = $smtpd{'status'} \|\| 'disabled';
41			+my $status = $sqpsmtpd{'status'} \|\| 'disabled';
42			my $f2b = $qpsmtpd{'Fail2Ban'} \|\| 'enabled';
43			return "" if (($status ne 'enabled') \|\| ($f2b ne 'enabled'));
44			my @ports = ();
45			-push @ports, ($smtpd{'TCPPort'} \|\| '25');
46			-push @ports, ($ssmtpd{'TCPPort'} \|\| '465')
47			- if (($ssmtpd{'status'} \|\| 'disabled') eq 'enabled');
48			+push @ports, ($qpsmtpd{'TCPPort'} \|\| '25');
49			+push @ports, ($sqpsmtpd{'TCPPort'} \|\| '465')
50			+ if (($sqpsmtpd{'status'} \|\| 'disabled') eq 'enabled');
51			my $port = join (",", @ports);
52
53			my $max = $maxretry*3;
54			diff -urN smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf
55			--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf 1969-12-31 19:00:00.000000000 -0500
56			+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf 2021-05-24 23:14:31.000000000 -0400
57			@@ -0,0 +1,28 @@
58			+# Fail2Ban ssh filter for at attempted exploit
59			+#
60			+# The regex here also relates to a exploit:
61			+#
62			+# http://www.securityfocus.com/bid/17958/exploit
63			+# The example code here shows the pushing of the exploit straight after
64			+# reading the server version. This is where the client version string normally
65			+# pushed. As such the server will read this unparsible information as
66			+# "Did not receive identification string".
67			+# Author: Yaroslav Halchenko
68			+
69			+[INCLUDES]
70			+
71			+# Read common prefixes. If any customizations available -- read them from
72			+# common.local
73			+before = common.conf
74			+
75			+[Definition]
76			+
77			+_daemon = sshd
78			+
79			+failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
80			+
81			+ignoreregex =.
82			+
83			+[Init]
84			+
85			+journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd