smeserver-fail2ban/contribs10/smeserver-fail2ban-0.1.18-bz11586-serverfailstostart.patch

diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh      2021-05-24 23:08:25.925992313 -0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh  2021-05-24 23:21:04.000000000 -0400
@@ -9,7 +9,7 @@
 [ssh]
 enabled  = true
 filter   = sshd
-logpath  = /var/log/sshd/current
+logpath  = /var/log/sshd/sshd.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF
 
@@ -21,7 +21,7 @@
 [ssh-ddos]
 enabled  = true
 filter   = sshd-ddos
-logpath  = /var/log/sshd/current
+logpath  = /var/log/sshd/sshd.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF
 
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot  2021-05-24 23:08:25.925992313 -0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot      2021-05-24 23:23:10.000000000 -0400
@@ -15,7 +15,7 @@
 [imap]
 enabled  = true
 filter   = dovecot
-logpath  = /var/log/dovecot/current
+logpath  = /var/log/dovecot/dovecot.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF
 
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd  2021-05-24 23:08:25.925992313 -0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd      2021-05-24 23:27:39.000000000 -0400
@@ -1,12 +1,12 @@
 {
 
-my $status = $smtpd{'status'} || 'disabled';
+my $status = $sqpsmtpd{'status'} || 'disabled';
 my $f2b = $qpsmtpd{'Fail2Ban'} || 'enabled';
 return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
-push @ports, ($smtpd{'TCPPort'} || '25');
-push @ports, ($ssmtpd{'TCPPort'} || '465')
-  if (($ssmtpd{'status'} || 'disabled') eq 'enabled');
+push @ports, ($qpsmtpd{'TCPPort'} || '25');
+push @ports, ($sqpsmtpd{'TCPPort'} || '465')
+  if (($sqpsmtpd{'status'} || 'disabled') eq 'enabled');
 my $port = join (",", @ports);
 
 my $max = $maxretry*3;
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf     1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf 2021-05-24 23:14:31.000000000 -0400
@@ -0,0 +1,28 @@
+# Fail2Ban ssh filter for at attempted exploit
+#
+# The regex here also relates to a exploit:
+#
+#  http://www.securityfocus.com/bid/17958/exploit
+#  The example code here shows the pushing of the exploit straight after
+#  reading the server version. This is where the client version string normally
+#  pushed. As such the server will read this unparsible information as
+#  "Did not receive identification string".
+# Author: Yaroslav Halchenko
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
+
+ignoreregex =.
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
1	diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
2	--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh 2021-05-24 23:08:25.925992313 -0400
3	+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh 2021-05-24 23:21:04.000000000 -0400
4	@@ -9,7 +9,7 @@
5	[ssh]
6	enabled = true
7	filter = sshd
8	-logpath = /var/log/sshd/current
9	+logpath = /var/log/sshd/sshd.log
10	action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
11	EOF
12
13	@@ -21,7 +21,7 @@
14	[ssh-ddos]
15	enabled = true
16	filter = sshd-ddos
17	-logpath = /var/log/sshd/current
18	+logpath = /var/log/sshd/sshd.log
19	action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
20	EOF
21
22	diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
23	--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot 2021-05-24 23:08:25.925992313 -0400
24	+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot 2021-05-24 23:23:10.000000000 -0400
25	@@ -15,7 +15,7 @@
26	[imap]
27	enabled = true
28	filter = dovecot
29	-logpath = /var/log/dovecot/current
30	+logpath = /var/log/dovecot/dovecot.log
31	action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
32	EOF
33
34	diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
35	--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd 2021-05-24 23:08:25.925992313 -0400
36	+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd 2021-05-24 23:27:39.000000000 -0400
37	@@ -1,12 +1,12 @@
38	{
39
40	-my $status = $smtpd{'status'} \|\| 'disabled';
41	+my $status = $sqpsmtpd{'status'} \|\| 'disabled';
42	my $f2b = $qpsmtpd{'Fail2Ban'} \|\| 'enabled';
43	return "" if (($status ne 'enabled') \|\| ($f2b ne 'enabled'));
44	my @ports = ();
45	-push @ports, ($smtpd{'TCPPort'} \|\| '25');
46	-push @ports, ($ssmtpd{'TCPPort'} \|\| '465')
47	- if (($ssmtpd{'status'} \|\| 'disabled') eq 'enabled');
48	+push @ports, ($qpsmtpd{'TCPPort'} \|\| '25');
49	+push @ports, ($sqpsmtpd{'TCPPort'} \|\| '465')
50	+ if (($sqpsmtpd{'status'} \|\| 'disabled') eq 'enabled');
51	my $port = join (",", @ports);
52
53	my $max = $maxretry*3;
54	diff -urN smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf
55	--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/sshd-ddos.conf 1969-12-31 19:00:00.000000000 -0500
56	+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/sshd-ddos.conf 2021-05-24 23:14:31.000000000 -0400
57	@@ -0,0 +1,28 @@
58	+# Fail2Ban ssh filter for at attempted exploit
59	+#
60	+# The regex here also relates to a exploit:
61	+#
62	+# http://www.securityfocus.com/bid/17958/exploit
63	+# The example code here shows the pushing of the exploit straight after
64	+# reading the server version. This is where the client version string normally
65	+# pushed. As such the server will read this unparsible information as
66	+# "Did not receive identification string".
67	+# Author: Yaroslav Halchenko
68	+
69	+[INCLUDES]
70	+
71	+# Read common prefixes. If any customizations available -- read them from
72	+# common.local
73	+before = common.conf
74	+
75	+[Definition]
76	+
77	+_daemon = sshd
78	+
79	+failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
80	+
81	+ignoreregex =.
82	+
83	+[Init]
84	+
85	+journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd