commit fail2ban.1800 for openSUSE:12.2:Update

Hello community, here is the log from the commit of package fail2ban.1800 for openSUSE:12.2:Update checked in at 2013-07-02 11:14:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/fail2ban.1800 (Old) and /work/SRC/openSUSE:12.2:Update/.fail2ban.1800.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "fail2ban.1800" Changes: -------- New Changes file: --- /dev/null 2013-07-02 09:26:14.908030755 +0200 +++ /work/SRC/openSUSE:12.2:Update/.fail2ban.1800.new/fail2ban.changes 2013-07-02 11:14:30.000000000 +0200 @@ -0,0 +1,87 @@ +------------------------------------------------------------------- +Fri Jun 14 13:02:51 UTC 2013 - jweberhofer@weberhofer.at + +- Fixes: Yaroslav Halchenko + * [6ccd5781] filter.d/apache-{auth,nohome,noscript,overflows} - anchor + failregex at the beginning (and where applicable at the end). + Addresses a possible DoS. + Closes gh#fail2ban/fail2ban#248, CVE-2013-2178, bnc#824710 + +------------------------------------------------------------------- +Tue Mar 26 08:12:51 UTC 2013 - jweberhofer@weberhofer.at + +- fail2ban: does not escape the content of <matches> + (bnc#794953, CVE-2012-5642): fail2ban-0.8.4-CVE-2012-5642.patch + +------------------------------------------------------------------- +Mon Dec 3 16:06:56 UTC 2012 - jweberhofer@weberhofer.at + +- Fixed initscript as discussed in bnc#790557 + +------------------------------------------------------------------- +Tue Jul 31 16:18:11 CEST 2012 - asemen@suse.de + +- Adding to fail2ban.init remove of pid and sock files on stop + in case not removed before (prevents start fail) + +------------------------------------------------------------------- +Sun Jun 3 13:08:36 UTC 2012 - jweberhofer@weberhofer.at + +- Update to version 0.8.6. containing various fixes and enhancements + +------------------------------------------------------------------- +Fri Nov 18 22:04:03 UTC 2011 - lchiquitto@suse.com + +- Update to version 0.8.5: many bug fixes, enhancements and, as + a bonus, drop two patches that are now upstream +- Update FSF address to silent rpmlint warnings +- Drop stale socket files on startup (bnc#537239, bnc#730044) + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de + +- Apply packaging guidelines (remove redundant/obsolete + tags/sections from specfile, etc.) + +------------------------------------------------------------------- +Thu Sep 1 14:07:28 UTC 2011 - coolo@suse.com + +- Use /var/run/fail2ban instead of /tmp for temp files in + actions: see bugs.debian.org/544232, bnc#690853, + CVE-2009-5023 + +------------------------------------------------------------------- +Thu Jan 6 16:56:30 UTC 2011 - lchiquitto@suse.com + +- Use $FAIL2BAN_OPTIONS when starting (bnc#662495) +- Clean up sysconfig file + +------------------------------------------------------------------- +Tue Jul 27 20:39:41 UTC 2010 - cristian.rodriguez@opensuse.org + +- Use O_CLOEXEC on fds (patch from Fedora) + +------------------------------------------------------------------- +Wed May 5 16:48:46 UTC 2010 - lchiquitto@suse.com + +- Create /var/run/fail2ban during startup to support systems that + mount /var/run as tmpfs +- Build package as noarch +- Spec file cleanup: fix a couple of rpmlint warnings +- Init script: look for fail2ban-server when checking if the + daemon is running + +------------------------------------------------------------------- +Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.com + +- Update to version 0.8.4. Important changes: + * New "Ban IP" command + * New filters: lighttpd-fastcgi php-url-fopen cyrus-imap sieve + * Fixed the 'unexpected communication error' problem + * Remove socket file on startup if fail2ban crashed (bnc#537239) + +------------------------------------------------------------------- +Wed Feb 4 18:19:39 CET 2009 - kssingvo@suse.de + +- Initial version: 0.8.3 + New: ---- fail2ban-0.8.6-CVE-2012-5642.patch fail2ban-0.8.6-CVE-2013-2178.patch fail2ban-0.8.6-update-fsf-address.patch fail2ban-0.8.6.tar.bz2 fail2ban.changes fail2ban.init fail2ban.spec fail2ban.sysconfig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fail2ban.spec ++++++ # # spec file for package fail2ban # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: fail2ban Requires: cron Requires: logrotate Requires: lsof Requires: python >= 2.5 BuildRequires: python-devel PreReq: %fillup_prereq Version: 0.8.6 Release: 0 Url: http://www.fail2ban.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch Summary: Bans IP addresses that make too many authentication failures License: GPL-2.0+ Group: Productivity/Networking/Security Source0: %{name}-%{version}.tar.bz2 Source1: %{name}.init Source2: %{name}.sysconfig Patch0: fail2ban-%{version}-update-fsf-address.patch # PATCH-FIX-UPSTREAM fail2ban-0.8.6-CVE-2012-5642.patch [bnc#794953, CVE-2012-5642] Patch1: fail2ban-0.8.6-CVE-2012-5642.patch # PATCH-FIX-UPSTREAM fail2ban-0.8.6-CVE-2013-2178.patch [bnc#824710, CVE-2013-2178] Patch2: fail2ban-0.8.6-CVE-2013-2178.patch %description Fail2ban scans log files like /var/log/messages and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address, can send e-mails, or set host.deny entries. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. %prep %setup %patch0 -p1 %patch1 -p1 %patch2 -p1 %build export CFLAGS="$RPM_OPT_FLAGS" python setup.py build gzip man/*.1 %install python setup.py install \ --root=$RPM_BUILD_ROOT \ --prefix=%{_prefix} install -d -m755 $RPM_BUILD_ROOT/%{_mandir}/man1 for i in fail2ban-client fail2ban-regex fail2ban-server; do install -m644 man/${i}.1.gz $RPM_BUILD_ROOT/%{_mandir}/man1 done install -d -m755 $RPM_BUILD_ROOT/%{_sysconfdir}/init.d install -d -m755 $RPM_BUILD_ROOT/usr/sbin install -m755 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/%{name} ln -sf /etc/init.d/%{name} ${RPM_BUILD_ROOT}/usr/sbin/rc%{name} install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name} %post %{fillup_only} %preun %stop_on_removal %{name} %postun %restart_on_update %{name} %insserv_cleanup %files %defattr(-, root, root) %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/action.d %dir %{_sysconfdir}/%{name}/filter.d %config %{_sysconfdir}/%{name}/*.conf %config %{_sysconfdir}/%{name}/action.d/*.conf %config %{_sysconfdir}/%{name}/filter.d/*.conf %{_sysconfdir}/init.d/%{name} /usr/bin/%{name}* /usr/sbin/rc%{name} /usr/share/%{name} %dir %ghost /var/run/%{name} /var/adm/fillup-templates/sysconfig.%{name} %doc %{_mandir}/man1/* %doc COPYING ChangeLog README TODO files/cacti %changelog ++++++ fail2ban-0.8.6-CVE-2012-5642.patch ++++++

From 83109bce144f443a48ef31165a5389b7b83f4e0e Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Mon, 8 Oct 2012 22:14:51 -0400 Subject: [PATCH] BF: escape the content of <matches> since its value could contain arbitrary symbols

--- server/action.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/server/action.py b/server/action.py index faf5065..387c115 100644 --- a/server/action.py +++ b/server/action.py @@ -230,7 +230,14 @@ def getActionStop(self): def execActionStop(self): stopCmd = Action.replaceTag(self.__actionStop, self.__cInfo) return Action.executeCmd(stopCmd) - + + def escapeTag(tag): + for c in '\\#&;`|*?~<>^()[]{}$\n': + if c in tag: + tag = tag.replace(c, '\\' + c) + return tag + escapeTag = staticmethod(escapeTag) + ## # Replaces tags in query with property values in aInfo. # @@ -243,8 +250,13 @@ def replaceTag(query, aInfo): """ Replace tags in query """ string = query - for tag in aInfo: - string = string.replace('<' + tag + '>', str(aInfo[tag])) + for tag, value in aInfo.iteritems(): + value = str(value) # assure string + if tag == 'matches': + # That one needs to be escaped since its content is + # out of our control + value = escapeTag(value) + string = string.replace('<' + tag + '>', value) # New line string = string.replace("<br>", '\n') return string -- 1.8.1.5 ++++++ fail2ban-0.8.6-CVE-2013-2178.patch ++++++ diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-auth.conf fail2ban-0.8.6/config/filter.d/apache-auth.conf --- fail2ban-0.8.6-orig/config/filter.d/apache-auth.conf 2011-11-29 04:46:04.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-auth.conf 2013-06-14 15:00:50.880752638 +0200 @@ -5,6 +5,12 @@ # $Revision$ # +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = apache-common.conf + [Definition] # Option: failregex @@ -14,9 +20,7 @@ # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # -failregex = [[]client <HOST>[]] user .* authentication failure - [[]client <HOST>[]] user .* not found - [[]client <HOST>[]] user .* password mismatch +failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-auth.conf.orig fail2ban-0.8.6/config/filter.d/apache-auth.conf.orig --- fail2ban-0.8.6-orig/config/filter.d/apache-auth.conf.orig 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-auth.conf.orig 2011-11-29 04:46:04.000000000 +0100 @@ -0,0 +1,25 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "<HOST>" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) +# Values: TEXT +# +failregex = [[]client <HOST>[]] user .* authentication failure + [[]client <HOST>[]] user .* not found + [[]client <HOST>[]] user .* password mismatch + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-common.conf fail2ban-0.8.6/config/filter.d/apache-common.conf --- fail2ban-0.8.6-orig/config/filter.d/apache-common.conf 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-common.conf 2013-06-14 15:00:50.888752790 +0200 @@ -0,0 +1,17 @@ +# Generic configuration items (to be used as interpolations) in other +# apache filters +# +# Author: Yaroslav Halchenko +# +# + +[INCLUDES] + +# Load customizations if any available +after = apache-common.local + + +[DEFAULT] + +# Common prefix for [error] apache messages which also would include <HOST> +_apache_error_client = \[[^]]+\] \[error\] \[client <HOST>\] diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-nohome.conf fail2ban-0.8.6/config/filter.d/apache-nohome.conf --- fail2ban-0.8.6-orig/config/filter.d/apache-nohome.conf 2011-11-29 04:46:04.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-nohome.conf 2013-06-14 15:00:50.896752942 +0200 @@ -5,6 +5,12 @@ # $Revision$ # +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = apache-common.conf + [Definition] # Option: failregex @@ -14,7 +20,7 @@ # per-domain log files. # Values: TEXT # -failregex = [[]client <HOST>[]] File does not exist: .*/~.* +failregex = ^%(_apache_error_client)s File does not exist: .*/~.* # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-nohome.conf.orig fail2ban-0.8.6/config/filter.d/apache-nohome.conf.orig --- fail2ban-0.8.6-orig/config/filter.d/apache-nohome.conf.orig 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-nohome.conf.orig 2011-11-29 04:46:04.000000000 +0100 @@ -0,0 +1,23 @@ +# Fail2Ban configuration file +# +# Author: Yaroslav O. Halchenko +# +# $Revision$ +# + +[Definition] + +# Option: failregex +# Notes.: regex to match failures to find a home directory on a server, which +# became popular last days. Most often attacker just uses IP instead of +# domain name -- so expect to see them in generic error.log if you have +# per-domain log files. +# Values: TEXT +# +failregex = [[]client <HOST>[]] File does not exist: .*/~.* + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-noscript.conf fail2ban-0.8.6/config/filter.d/apache-noscript.conf --- fail2ban-0.8.6-orig/config/filter.d/apache-noscript.conf 2011-11-29 04:46:04.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-noscript.conf 2013-06-14 15:00:50.908753169 +0200 @@ -5,6 +5,12 @@ # $Revision$ # +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = apache-common.conf + [Definition] # Option: failregex @@ -14,8 +20,8 @@ # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # -failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl) - [[]client <HOST>[]] script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$ +failregex = ^%(_apache_error_client)s (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)\s*$ + ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-noscript.conf.orig fail2ban-0.8.6/config/filter.d/apache-noscript.conf.orig --- fail2ban-0.8.6-orig/config/filter.d/apache-noscript.conf.orig 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-noscript.conf.orig 2011-11-29 04:46:04.000000000 +0100 @@ -0,0 +1,24 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "<HOST>" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) +# Values: TEXT +# +failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl) + [[]client <HOST>[]] script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-overflows.conf fail2ban-0.8.6/config/filter.d/apache-overflows.conf --- fail2ban-0.8.6-orig/config/filter.d/apache-overflows.conf 2011-11-29 04:46:04.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-overflows.conf 2013-06-14 15:00:50.920753395 +0200 @@ -5,13 +5,19 @@ # $Revision$ # +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = apache-common.conf + [Definition] # Option: failregex # Notes.: Regexp to catch Apache overflow attempts. # Values: TEXT # -failregex = [[]client <HOST>[]] (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string) +failregex = ^%(_apache_error_client)s (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string) # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff -Nur fail2ban-0.8.6-orig/config/filter.d/apache-overflows.conf.orig fail2ban-0.8.6/config/filter.d/apache-overflows.conf.orig --- fail2ban-0.8.6-orig/config/filter.d/apache-overflows.conf.orig 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/config/filter.d/apache-overflows.conf.orig 2011-11-29 04:46:04.000000000 +0100 @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# +# Author: Tim Connors +# +# $Revision$ +# + +[Definition] + +# Option: failregex +# Notes.: Regexp to catch Apache overflow attempts. +# Values: TEXT +# +failregex = [[]client <HOST>[]] (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string) + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff -Nur fail2ban-0.8.6-orig/testcases/files/logs/apache-auth fail2ban-0.8.6/testcases/files/logs/apache-auth --- fail2ban-0.8.6-orig/testcases/files/logs/apache-auth 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/testcases/files/logs/apache-auth 2013-06-14 15:00:50.932753622 +0200 @@ -0,0 +1,5 @@ +# Should not match -- DoS vector https://vndh.net/note:fail2ban-089-denial-service +[Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found + +# should match +[Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found diff -Nur fail2ban-0.8.6-orig/testcases/files/logs/apache-noscript fail2ban-0.8.6/testcases/files/logs/apache-noscript --- fail2ban-0.8.6-orig/testcases/files/logs/apache-noscript 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.6/testcases/files/logs/apache-noscript 2013-06-14 15:00:50.940753772 +0200 @@ -0,0 +1 @@ +[Sun Jun 09 07:57:47 2013] [error] [client 192.0.43.10] script '/usr/lib/cgi-bin/gitweb.cgiwp-login.php' not found or unable to stat ++++++ fail2ban-0.8.6-update-fsf-address.patch ++++++ ++++ 650 lines (skipped) ++++++ fail2ban.init ++++++ #!/bin/sh # ### BEGIN INIT INFO # Provides: fail2ban # Required-Start: $syslog $remote_fs $local_fs # Should-Start: $time $network iptables # Required-Stop: $syslog $remote_fs $local_fs # Should-Stop: $time $network iptables # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Pidfile: /var/run/fail2ban/fail2ban.pid # Short-Description: Bans IPs with too many authentication failures # Description: Start fail2ban to scan logfiles and ban IP addresses # which make too many logfiles failures, and/or sent e-mails about ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) FAIL2BAN_CLI=/usr/bin/fail2ban-client test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FAIL2BAN_SRV=/usr/bin/fail2ban-server test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FAIL2BAN_CONFIG="/etc/sysconfig/fail2ban" FAIL2BAN_SOCKET_DIR="/var/run/fail2ban" FAIL2BAN_SOCKET="$FAIL2BAN_SOCKET_DIR/fail2ban.sock" FAIL2BAN_PID="$FAIL2BAN_SOCKET_DIR/fail2ban.pid" if [ -e $FAIL2BAN_CONFIG ]; then . $FAIL2BAN_CONFIG fi . /etc/rc.status rc_reset case "$1" in start) echo -n "Starting fail2ban " if [ ! -d $FAIL2BAN_SOCKET_DIR ]; then mkdir -p $FAIL2BAN_SOCKET_DIR fi if [ -e $FAIL2BAN_SOCKET ]; then if ! lsof -n $FAIL2BAN_SOCKET &>/dev/null; then rm $FAIL2BAN_SOCKET fi fi $FAIL2BAN_CLI -x -q $FAIL2BAN_OPTIONS start &>/dev/null 2>&1 rc_status -v ;; stop) echo -n "Shutting down fail2ban " ## Stop daemon with built-in functionality 'stop' /sbin/startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1 if [ -f $FAIL2BAN_SOCKET ] then echo "$FAIL2BAN_SOCKET not removed .. removing .." rm $FAIL2BAN_SOCKET fi if [ -f $FAIL2BAN_PID ] then echo "$FAIL2BAN_PID not removed .. removing .." rm $FAIL2BAN_PID fi rc_status -v ;; try-restart|condrestart) $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi rc_status ;; restart) $0 stop i=60 while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do sleep 1 i=$[$i-1] echo -n "." done $0 start rc_status ;; reload|force-reload) echo -n "Reload service Fail2ban " /sbin/startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1 rc_status -v ;; status) echo -n "Checking for service fail2ban " /sbin/checkproc $FAIL2BAN_SRV rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ fail2ban.sysconfig ++++++ ## Path: System/Security/Fail2ban ## Description: fail2ban options ## Type: string ## Default: "" ## ServiceReload: fail2ban ## ServiceRestart: fail2ban # # Options for fail2ban # FAIL2BAN_OPTIONS="" -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org