[packages/fail2ban.git] / logifiles.patch

--- fail2ban-0.8.11/config/jail.conf.orig	2014-01-06 20:44:20.948073144 +0100
+++ fail2ban-0.8.11/config/jail.conf	2014-01-06 20:52:15.888069706 +0100
@@ -75,7 +75,7 @@
 filter   = sshd
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
            sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
 maxretry = 5
 
 [proftpd-iptables]
@@ -84,7 +84,7 @@
 filter   = proftpd
 action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
            sendmail-whois[name=ProFTPD, dest=you@example.com]
-logpath  = /var/log/proftpd/proftpd.log
+logpath  = /var/log/secure
 maxretry = 6
 
 
@@ -96,7 +96,7 @@
 backend  = polling
 action   = iptables[name=sasl, port=smtp, protocol=tcp]
            sendmail-whois[name=sasl, dest=you@example.com]
-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
 
 
 # ASSP SMTP Proxy Jail
@@ -117,7 +117,7 @@
 action      = hostsdeny[daemon_list=sshd]
               sendmail-whois[name=SSH, dest=you@example.com]
 ignoreregex = for myuser from
-logpath     = /var/log/sshd.log
+logpath     = /var/log/secure
 
 
 # Here we use blackhole routes for not requiring any additional kernel support
@@ -127,7 +127,7 @@
 enabled  = false
 filter   = sshd
 action   = route
-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
 maxretry = 5
 
 
@@ -141,7 +141,7 @@
 enabled  = false
 filter   = sshd
 action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
 maxretry = 5
 
 
@@ -150,7 +150,7 @@
 enabled  = false
 filter   = sshd
 action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
 maxretry = 5
 
 
@@ -176,7 +176,7 @@
 enabled  = false
 filter	 = apache-auth
 action   = hostsdeny
-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
            /home/www/myhomepage/error.log
 maxretry = 6
 
@@ -197,7 +197,7 @@
 filter   = postfix
 action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
            sendmail[name=Postfix, dest=you@example.com]
-logpath  = /var/log/postfix.log
+logpath  = /var/log/maillog
 bantime  = 300
 
 
@@ -233,7 +233,7 @@
 filter   = apache-badbots
 action   = iptables-multiport[name=BadBots, port="http,https"]
            sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
-logpath  = /var/www/*/logs/access_log
+logpath  = /var/log/httpd/*access_log
 bantime  = 172800
 maxretry = 1
 
@@ -245,7 +245,7 @@
 filter   = apache-noscript
 action   = shorewall
            sendmail[name=Postfix, dest=you@example.com]
-logpath  = /var/log/apache2/error_log
+logpath  = /var/log/httpd/error_log
 
 
 # Monitor roundcube server
@@ -276,7 +276,7 @@
 enabled  = false
 action   = iptables-multiport[name=php-url-open, port="http,https"]
 filter   = php-url-fopen
-logpath  = /var/www/*/logs/access_log
+logpath  = /var/log/httpd/*access_log
 maxretry = 1
 
 
@@ -341,7 +341,7 @@
 filter   = named-refused
 action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
            sendmail-whois[name=Named, dest=you@example.com]
-logpath  = /var/log/named/security.log
+logpath  = /var/log/named/named.log
 ignoreip = 168.192.0.1
 
 
@@ -385,7 +385,7 @@
 filter   = mysqld-auth
 action   = iptables[name=mysql, port=3306, protocol=tcp]
            sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
-logpath  = /var/log/mysqld.log
+logpath  = /var/log/mysql/mysqld.log
 maxretry = 5
 
 
@@ -394,7 +394,7 @@
 enabled  = false
 filter   = mysqld-auth
 action   = iptables[name=mysql, port=3306, protocol=tcp]
-logpath  = /var/log/daemon.log
+logpath  = /var/log/mysql/mysqld.log
 maxretry = 5
 
 
@@ -438,7 +438,7 @@
 enabled = false
 filter  = exim
 action  = iptables-multiport[name=exim,port="25,465,587"]
-logpath = /var/log/exim/mainlog
+logpath = /var/log/exim/main.log
 
 
 [exim-spam]
@@ -446,7 +446,7 @@
 enabled = false
 filter  = exim-spam
 action  = iptables-multiport[name=exim-spam,port="25,465,587"]
-logpath = /var/log/exim/mainlog
+logpath = /var/log/exim/main.log
 
 
 [perdition]
@@ -497,7 +497,7 @@
 enabled = false
 filter  = webmin-auth
 action  = iptables-multiport[name=webmin,port="10000"]
-logpath = /var/log/auth.log
+logpath = /var/log/secure
 
 
 # dovecot defaults to logging to the mail syslog facility
@@ -507,7 +507,7 @@
 enabled = false
 filter  = dovecot
 action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/maillog
 
 
 [dovecot-auth]
Commit	Line	Data
8ea7a6c8 JR	1	--- fail2ban-0.8.11/config/jail.conf.orig 2014-01-06 20:44:20.948073144 +0100
	2	+++ fail2ban-0.8.11/config/jail.conf 2014-01-06 20:52:15.888069706 +0100
	3	@@ -75,7 +75,7 @@
	4	filter = sshd
	5	action = iptables[name=SSH, port=ssh, protocol=tcp]
	6	sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
	7	-logpath = /var/log/sshd.log
	8	+logpath = /var/log/secure
	9	maxretry = 5
	10
	11	[proftpd-iptables]
	12	@@ -84,7 +84,7 @@
	13	filter = proftpd
	14	action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
	15	sendmail-whois[name=ProFTPD, dest=you@example.com]
	16	-logpath = /var/log/proftpd/proftpd.log
	17	+logpath = /var/log/secure
	18	maxretry = 6
	19
	20
	21	@@ -96,7 +96,7 @@
	22	backend = polling
	23	action = iptables[name=sasl, port=smtp, protocol=tcp]
	24	sendmail-whois[name=sasl, dest=you@example.com]
	25	-logpath = /var/log/mail.log
	26	+logpath = /var/log/maillog
	27
	28
	29	# ASSP SMTP Proxy Jail
	30	@@ -117,7 +117,7 @@
	31	action = hostsdeny[daemon_list=sshd]
	32	sendmail-whois[name=SSH, dest=you@example.com]
	33	ignoreregex = for myuser from
	34	-logpath = /var/log/sshd.log
	35	+logpath = /var/log/secure
	36
	37
	38	# Here we use blackhole routes for not requiring any additional kernel support
	39	@@ -127,7 +127,7 @@
	40	enabled = false
	41	filter = sshd
	42	action = route
	43	-logpath = /var/log/sshd.log
	44	+logpath = /var/log/secure
	45	maxretry = 5
	46
	47
	48	@@ -141,7 +141,7 @@
	49	enabled = false
	50	filter = sshd
	51	action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
	52	-logpath = /var/log/sshd.log
	53	+logpath = /var/log/secure
	54	maxretry = 5
	55
	56
	57	@@ -150,7 +150,7 @@
	58	enabled = false
	59	filter = sshd
	60	action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
	61	-logpath = /var/log/sshd.log
	62	+logpath = /var/log/secure
	63	maxretry = 5
	64
65
66	@@ -176,7 +176,7 @@
67	enabled = false
68	filter = apache-auth
69	action = hostsdeny
70	-logpath = /var/log/apache/error.log
71	+logpath = /var/log/httpd/*error_log
72	/home/www/myhomepage/error.log
73	maxretry = 6
74
75	@@ -197,7 +197,7 @@
76	filter = postfix
77	action = hostsdeny[file=/not/a/standard/path/hosts.deny]
78	sendmail[name=Postfix, dest=you@example.com]
79	-logpath = /var/log/postfix.log
80	+logpath = /var/log/maillog
81	bantime = 300
82
83
84	@@ -233,7 +233,7 @@
85	filter = apache-badbots
86	action = iptables-multiport[name=BadBots, port="http,https"]
87	sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
88	-logpath = /var/www/*/logs/access_log
89	+logpath = /var/log/httpd/*access_log
90	bantime = 172800
91	maxretry = 1
92
93	@@ -245,7 +245,7 @@
94	filter = apache-noscript
95	action = shorewall
96	sendmail[name=Postfix, dest=you@example.com]
97	-logpath = /var/log/apache2/error_log
98	+logpath = /var/log/httpd/error_log
99
100
101	# Monitor roundcube server
102	@@ -276,7 +276,7 @@
103	enabled = false
104	action = iptables-multiport[name=php-url-open, port="http,https"]
105	filter = php-url-fopen
106	-logpath = /var/www/*/logs/access_log
107	+logpath = /var/log/httpd/*access_log
108	maxretry = 1
109
110
111	@@ -341,7 +341,7 @@
112	filter = named-refused
113	action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
114	sendmail-whois[name=Named, dest=you@example.com]
115	-logpath = /var/log/named/security.log
116	+logpath = /var/log/named/named.log
117	ignoreip = 168.192.0.1
118
119
120	@@ -385,7 +385,7 @@
121	filter = mysqld-auth
122	action = iptables[name=mysql, port=3306, protocol=tcp]
123	sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
124	-logpath = /var/log/mysqld.log
125	+logpath = /var/log/mysql/mysqld.log
126	maxretry = 5
127
128
129	@@ -394,7 +394,7 @@
130	enabled = false
131	filter = mysqld-auth
132	action = iptables[name=mysql, port=3306, protocol=tcp]
133	-logpath = /var/log/daemon.log
134	+logpath = /var/log/mysql/mysqld.log
135	maxretry = 5
136
137
138	@@ -438,7 +438,7 @@
139	enabled = false
140	filter = exim
141	action = iptables-multiport[name=exim,port="25,465,587"]
142	-logpath = /var/log/exim/mainlog
143	+logpath = /var/log/exim/main.log
144
145
146	[exim-spam]
147	@@ -446,7 +446,7 @@
148	enabled = false
149	filter = exim-spam
150	action = iptables-multiport[name=exim-spam,port="25,465,587"]
151	-logpath = /var/log/exim/mainlog
152	+logpath = /var/log/exim/main.log
153
154
155	[perdition]
156	@@ -497,7 +497,7 @@
157	enabled = false
158	filter = webmin-auth
159	action = iptables-multiport[name=webmin,port="10000"]
160	-logpath = /var/log/auth.log
161	+logpath = /var/log/secure
162
163
164	# dovecot defaults to logging to the mail syslog facility
165	@@ -507,7 +507,7 @@
166	enabled = false
167	filter = dovecot
168	action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
169	-logpath = /var/log/mail.log
170	+logpath = /var/log/maillog
171
172
173	[dovecot-auth]