maybe chmod 0755 'bash'
maybe chmod 0644 'bash/bash_logout'
maybe chmod 0644 'bash/bashrc'
+maybe chmod 0755 'bash/bashrc.d'
+maybe chmod 0644 'bash/bashrc.d/.keep_app-shells_bash-0'
maybe chmod 0755 'bash_completion.d'
maybe chown 'named' 'bind'
maybe chmod 0755 'bind'
maybe chmod 0644 'config-archive/etc/bash/bashrc'
maybe chmod 0644 'config-archive/etc/bash/bashrc.1'
maybe chmod 0644 'config-archive/etc/bash/bashrc.2'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.3'
maybe chmod 0644 'config-archive/etc/bash/bashrc.dist'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.dist.new'
maybe chmod 0755 'config-archive/etc/bind'
maybe chmod 0640 'config-archive/etc/bind/bind.keys'
maybe chmod 0640 'config-archive/etc/bind/bind.keys.dist'
maybe chmod 0644 'config-archive/etc/eselect/postgresql/slots/9.1/server.dist'
maybe chmod 0755 'config-archive/etc/fail2ban'
maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf'
+maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf.1'
maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf.dist'
maybe chmod 0644 'config-archive/etc/hosts'
maybe chmod 0644 'config-archive/etc/hosts.dist.new'
maybe chown 'mail' 'courier/authlib/authpgsqlrc.dist'
maybe chgrp 'mail' 'courier/authlib/authpgsqlrc.dist'
maybe chmod 0660 'courier/authlib/authpgsqlrc.dist'
-maybe chmod 0640 'courier/authlib/authsqliterc'
+maybe chown 'mail' 'courier/authlib/authsqliterc'
+maybe chgrp 'mail' 'courier/authlib/authsqliterc'
+maybe chmod 0660 'courier/authlib/authsqliterc'
maybe chown 'mail' 'courier/authlib/authsqliterc.dist'
maybe chgrp 'mail' 'courier/authlib/authsqliterc.dist'
maybe chmod 0660 'courier/authlib/authsqliterc.dist'
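Review bot: The three added lines for `courier/authlib/authsqliterc` record the live authentication config as group-writable (`0660`, group `mail`), where the removed line recorded `0640`. Any process running with group `mail` could then presumably rewrite the authlib lookup settings. Unless something in that group really needs write access, I would keep `maybe chmod 0640 'courier/authlib/authsqliterc'` after the new chown/chgrp lines. Because this file only records metadata, the mode has to be corrected on the file itself and then re-committed.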
maybe chmod 0644 'fail2ban/action.d/complain.conf'
maybe chmod 0644 'fail2ban/action.d/dshield.conf'
maybe chmod 0644 'fail2ban/action.d/dummy.conf'
+maybe chmod 0644 'fail2ban/action.d/firewallcmd-allports.conf'
maybe chmod 0644 'fail2ban/action.d/firewallcmd-ipset.conf'
+maybe chmod 0644 'fail2ban/action.d/firewallcmd-multiport.conf'
maybe chmod 0644 'fail2ban/action.d/firewallcmd-new.conf'
maybe chmod 0644 'fail2ban/action.d/hostsdeny.conf'
maybe chmod 0644 'fail2ban/action.d/ipfilter.conf'
maybe chmod 0644 'fail2ban/action.d/mail-whois.conf'
maybe chmod 0644 'fail2ban/action.d/mail.conf'
maybe chmod 0644 'fail2ban/action.d/mynetwatchman.conf'
+maybe chmod 0644 'fail2ban/action.d/nsupdate.conf'
maybe chmod 0644 'fail2ban/action.d/osx-afctl.conf'
maybe chmod 0644 'fail2ban/action.d/osx-ipfw.conf'
maybe chmod 0644 'fail2ban/action.d/pf.conf'
maybe chmod 0644 'fail2ban/action.d/route.conf'
maybe chmod 0644 'fail2ban/action.d/sendmail-buffered.conf'
maybe chmod 0644 'fail2ban/action.d/sendmail-common.conf'
+maybe chmod 0644 'fail2ban/action.d/sendmail-geoip-lines.conf'
maybe chmod 0644 'fail2ban/action.d/sendmail-whois-ipjailmatches.conf'
maybe chmod 0644 'fail2ban/action.d/sendmail-whois-ipmatches.conf'
maybe chmod 0644 'fail2ban/action.d/sendmail-whois-lines.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-badbots.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-botsearch.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-common.conf'
+maybe chmod 0644 'fail2ban/filter.d/apache-fakegooglebot.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-modsecurity.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-nohome.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-noscript.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-shellshock.conf'
maybe chmod 0644 'fail2ban/filter.d/assp.conf'
maybe chmod 0644 'fail2ban/filter.d/asterisk.conf'
+maybe chmod 0644 'fail2ban/filter.d/botsearch-common.conf'
maybe chmod 0644 'fail2ban/filter.d/common.conf'
maybe chmod 0644 'fail2ban/filter.d/counter-strike.conf'
maybe chmod 0644 'fail2ban/filter.d/courier-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/directadmin.conf'
maybe chmod 0644 'fail2ban/filter.d/dovecot.conf'
maybe chmod 0644 'fail2ban/filter.d/dropbear.conf'
+maybe chmod 0644 'fail2ban/filter.d/drupal-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/ejabberd-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/exim-common.conf'
maybe chmod 0644 'fail2ban/filter.d/exim-spam.conf'
maybe chmod 0644 'fail2ban/filter.d/gssftpd.conf'
maybe chmod 0644 'fail2ban/filter.d/guacamole.conf'
maybe chmod 0644 'fail2ban/filter.d/horde.conf'
+maybe chmod 0755 'fail2ban/filter.d/ignorecommands'
+maybe chmod 0755 'fail2ban/filter.d/ignorecommands/apache-fakegooglebot'
maybe chmod 0644 'fail2ban/filter.d/kerio.conf'
maybe chmod 0644 'fail2ban/filter.d/lighttpd-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/monit.conf'
maybe chmod 0644 'fail2ban/filter.d/mysqld-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/nagios.conf'
maybe chmod 0644 'fail2ban/filter.d/named-refused.conf'
+maybe chmod 0644 'fail2ban/filter.d/nginx-botsearch.conf'
maybe chmod 0644 'fail2ban/filter.d/nginx-http-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/nsd.conf'
maybe chmod 0644 'fail2ban/filter.d/openwebmail.conf'
maybe chmod 0644 'fail2ban/filter.d/perdition.conf'
maybe chmod 0644 'fail2ban/filter.d/php-url-fopen.conf'
maybe chmod 0644 'fail2ban/filter.d/portsentry.conf'
+maybe chmod 0644 'fail2ban/filter.d/postfix-rbl.conf'
maybe chmod 0644 'fail2ban/filter.d/postfix-sasl.conf'
maybe chmod 0644 'fail2ban/filter.d/postfix.conf'
maybe chmod 0644 'fail2ban/filter.d/proftpd.conf'
shopt -s checkwinsize
# Enable history appending instead of overwriting. #139609
+# Disable completion when the input buffer is empty. i.e. Hitting tab
+# and waiting a long time for bash to expand all of $PATH.
+shopt -s no_empty_cmd_completion
+
+# Enable history appending instead of overwriting when exiting. #139609
shopt -s histappend
# Change the window title of X terminals
case ${TERM} in
xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
- PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+ PROMPT_COMMAND='history -a; echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
;;
screen*)
- PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ PROMPT_COMMAND='history -a; echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ ;;
+ *)
+ PROMPT_COMMAND='history -a'
;;
esac
fi
fi
+for sh in /etc/bash/bashrc.d/* ; do
+ [[ -r ${sh} ]] && source "${sh}"
+done
+
# Try to keep environment pollution down, EPA loves us.
-unset use_color safe_term match_lhs
+unset use_color safe_term match_lhs sh
if [ -d /usr/scripts ] ; then
PATH=/usr/scripts:$PATH
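Review bot: The added loop sources every readable entry under `/etc/bash/bashrc.d/` in each interactive shell that reads this file, root's included, so an editor backup or stray file left there runs as shell code. A subdirectory also passes `-r` and makes `source` print an error. Testing for a regular file first, `[[ -f ${sh} && -r ${sh} ]] && source "${sh}"`, covers the directory case. A short comment above the loop saying the directory must stay root-owned and not group- or world-writable would help the next admin. The surrounding file continues outside this hunk.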
# Change the window title of X terminals
case ${TERM} in
- xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix)
+ xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
;;
screen*)
# Change the window title of X terminals
case ${TERM} in
- xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
+ xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
;;
- screen)
+ screen*)
PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
;;
esac
alias ls='ls --color=auto'
alias grep='grep --colour=auto'
+ alias egrep='egrep --colour=auto'
+ alias fgrep='fgrep --colour=auto'
else
if [[ ${EUID} == 0 ]] ; then
# show root@ when we don't have colors
export PATH
fi
-if [ -d $HOME/lib ] ; then
- PERL5LIB=$HOME/lib
- export PERL5LIB
+if [ -d "$HOME/lib" ] ; then
+ if [ -d "$HOME/lib/perl" ] ; then
+ if [ -z "${PERL5LIB}" ] ; then
+ export PERL5LIB="$HOME/lib/perl"
+ else
+ export PERL5LIB="$HOME/lib/perl:${PERL5LIB}"
+ fi
+ fi
+ if [ -d "$HOME/lib/python" ] ; then
+ if [ -z "${PYTHONPATH}" ] ; then
+ export PYTHONPATH="$HOME/lib/python"
+ else
+ export PYTHONPATH="$HOME/lib/python:${PYTHONPATH}"
+ fi
+ fi
fi
#if [[ ${EUID} == 0 ]] ; then
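Review bot: The new `PERL5LIB` and `PYTHONPATH` exports put `$HOME/lib/perl` and `$HOME/lib/python` ahead of the system module paths for every interactive shell that reads this file, root's included. A module placed in those directories then shadows a standard-library module of the same name for any Perl or Python tool started from that shell. I would document this above the block, e.g. `# NOTE: these directories take precedence over system modules; keep them writable by the owner only`, and consider skipping the exports when `${EUID} == 0`.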
. /usr/share/mc/mc.gentoo
fi
-if [ -f /etc/profile.d/bash-completion ]; then
- . /etc/profile.d/bash-completion
+if [ -e /etc/bash_completion.d/git ] ; then
if [[ ${EUID} == 0 ]] ; then
PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
else
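Review bot: The new test `[ -e /etc/bash_completion.d/git ]` only checks that the file exists, and nothing visible in this hunk sources it any more, yet the prompt on the next lines still calls `$(__git_ps1)`. If the function is not defined somewhere outside the hunk, every prompt will print a command-not-found error. Guarding on the function itself, `if declare -F __git_ps1 >/dev/null ; then`, ties the prompt to what it actually needs. The `if` block continues past the end of the hunk.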
--- /dev/null
+# /etc/bash/bashrc
+#
+# This file is sourced by all *interactive* bash shells on startup,
+# including some apparently interactive shells such as scp and rcp
+# that can't tolerate any output. So make sure this doesn't display
+# anything or bad things will happen !
+
+
+# Test for an interactive shell. There is no need to set anything
+# past this point for scp and rcp, and it's important to refrain from
+# outputting anything in those cases.
+if [[ $- != *i* ]] ; then
+ # Shell is non-interactive. Be done now!
+ return
+fi
+
+# Bash won't get SIGWINCH if another process is in the foreground.
+# Enable checkwinsize so that bash will check the terminal size when
+# it regains control. #65623
+# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
+shopt -s checkwinsize
+
+# Enable history appending instead of overwriting. #139609
+shopt -s histappend
+
+# Change the window title of X terminals
+case ${TERM} in
+ xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
+ PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+ ;;
+ screen)
+ PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+ ;;
+esac
+
+use_color=false
+
+# Set colorful PS1 only on colorful terminals.
+# dircolors --print-database uses its own built-in database
+# instead of using /etc/DIR_COLORS. Try to use the external file
+# first to take advantage of user additions. Use internal bash
+# globbing instead of external grep binary.
+safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM
+match_lhs=""
+[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
+[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
+[[ -z ${match_lhs} ]] \
+ && type -P dircolors >/dev/null \
+ && match_lhs=$(dircolors --print-database)
+[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
+
+if ${use_color} ; then
+ # Enable colors for ls, etc. Prefer ~/.dir_colors #64489
+ if type -P dircolors >/dev/null ; then
+ if [[ -f ~/.dir_colors ]] ; then
+ eval $(dircolors -b ~/.dir_colors)
+ elif [[ -f /etc/DIR_COLORS ]] ; then
+ eval $(dircolors -b /etc/DIR_COLORS)
+ fi
+ fi
+
+ if [[ ${EUID} == 0 ]] ; then
+ #PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
+ PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]'
+ else
+ #PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
+ PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]'
+ fi
+
+ alias ls='ls --color=auto'
+ alias grep='grep --colour=auto'
+else
+ if [[ ${EUID} == 0 ]] ; then
+ # show root@ when we don't have colors
+ PS1='\u@\h \W \$ '
+ else
+ PS1='\u@\h \w \$ '
+ fi
+fi
+
+# Try to keep environment pollution down, EPA loves us.
+unset use_color safe_term match_lhs
+
+if [ -d /usr/scripts ] ; then
+ PATH=/usr/scripts:$PATH
+ export PATH
+fi
+
+if [ -d $HOME/bin ] ; then
+ PATH=$PATH:$HOME/bin
+ export PATH
+fi
+
+if [ -d $HOME/lib ] ; then
+ PERL5LIB=$HOME/lib
+ export PERL5LIB
+fi
+
+#if [[ ${EUID} == 0 ]] ; then
+# alias ll="ls -lA"
+#else
+# alias ll="ls -l"
+#fi
+alias l="ls -l"
+alias ll="ls -lA"
+alias la="ls -la"
+alias md=mkdir
+alias rd=rmdir
+alias ..='cd ..'
+alias ...='cd ../..'
+alias cd..='cd ..'
+alias cd...='cd ../..'
+alias pl="ps -fu $(whoami)"
+
+lcd() {
+ cd $( perl -e '
+use strict;
+use Cwd;
+my $new = shift;
+my $cwd = Cwd::abs_path(getcwd());
+my $newa = $cwd;
+if ($new){
+ $newa = Cwd::abs_path($new);
+ $newa = $cwd unless $newa;
+};
+printf("%s\n", $newa);
+' $1 )
+}
+
+export LESS="-R -M -I --shift 5"
+export LESSCHARSET="utf-8"
+
+HISTCONTROL=ignoreboth
+HISTSIZE=50000
+HISTFILESIZE=50000
+HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
+
+if [ -f /usr/share/mc/mc.gentoo ]; then
+ . /usr/share/mc/mc.gentoo
+fi
+
+if [ -f /etc/profile.d/bash-completion ]; then
+ . /etc/profile.d/bash-completion
+ if [[ ${EUID} == 0 ]] ; then
+ PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
+ else
+ PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]'
+ fi
+fi
+
+
+# vim: ts=4 expandtab
--- /dev/null
+# /etc/bash/bashrc
+#
+# This file is sourced by all *interactive* bash shells on startup,
+# including some apparently interactive shells such as scp and rcp
+# that can't tolerate any output. So make sure this doesn't display
+# anything or bad things will happen !
+
+
+# Test for an interactive shell. There is no need to set anything
+# past this point for scp and rcp, and it's important to refrain from
+# outputting anything in those cases.
+if [[ $- != *i* ]] ; then
+ # Shell is non-interactive. Be done now!
+ return
+fi
+
+# Bash won't get SIGWINCH if another process is in the foreground.
+# Enable checkwinsize so that bash will check the terminal size when
+# it regains control. #65623
+# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
+shopt -s checkwinsize
+
+# Disable completion when the input buffer is empty. i.e. Hitting tab
+# and waiting a long time for bash to expand all of $PATH.
+shopt -s no_empty_cmd_completion
+
+# Enable history appending instead of overwriting when exiting. #139609
+shopt -s histappend
+
+# Save each command to the history file as it's executed. #517342
+# This does mean sessions get interleaved when reading later on, but this
+# way the history is always up to date. History is not synced across live
+# sessions though; that is what `history -n` does.
+# Disabled by default due to concerns related to system recovery when $HOME
+# is under duress, or lives somewhere flaky (like NFS). Constantly syncing
+# the history will halt the shell prompt until it's finished.
+#PROMPT_COMMAND='history -a'
+
+# Change the window title of X terminals
+case ${TERM} in
+ xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
+ PS1='\[\033]0;\u@\h:\w\007\]'
+ ;;
+ screen*)
+ PS1='\[\033k\u@\h:\w\033\\\]'
+ ;;
+ *)
+ unset PS1
+ ;;
+esac
+
+use_color=false
+
+# Set colorful PS1 only on colorful terminals.
+# dircolors --print-database uses its own built-in database
+# instead of using /etc/DIR_COLORS. Try to use the external file
+# first to take advantage of user additions. Use internal bash
+# globbing instead of external grep binary.
+safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM
+match_lhs=""
+[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
+[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
+[[ -z ${match_lhs} ]] \
+ && type -P dircolors >/dev/null \
+ && match_lhs=$(dircolors --print-database)
+[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
+
+if ${use_color} ; then
+ # Enable colors for ls, etc. Prefer ~/.dir_colors #64489
+ if type -P dircolors >/dev/null ; then
+ if [[ -f ~/.dir_colors ]] ; then
+ eval $(dircolors -b ~/.dir_colors)
+ elif [[ -f /etc/DIR_COLORS ]] ; then
+ eval $(dircolors -b /etc/DIR_COLORS)
+ fi
+ fi
+
+ if [[ ${EUID} == 0 ]] ; then
+ PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
+ else
+ PS1+='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
+ fi
+
+ alias ls='ls --color=auto'
+ alias grep='grep --colour=auto'
+ alias egrep='egrep --colour=auto'
+ alias fgrep='fgrep --colour=auto'
+else
+ if [[ ${EUID} == 0 ]] ; then
+ # show root@ when we don't have colors
+ PS1+='\u@\h \W \$ '
+ else
+ PS1+='\u@\h \w \$ '
+ fi
+fi
+
+for sh in /etc/bash/bashrc.d/* ; do
+ [[ -r ${sh} ]] && source "${sh}"
+done
+
+# Try to keep environment pollution down, EPA loves us.
+unset use_color safe_term match_lhs sh
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
-# loglevel = 4
+# loglevel = DEBUG
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
-# 1 = ERROR
-# 2 = WARN
-# 3 = INFO
-# 4 = DEBUG
-# Values: [ NUM ] Default: 1
+# CRITICAL
+# ERROR
+# WARNING
+# NOTICE
+# INFO
+# DEBUG
+# Values: [ LEVEL ] Default: ERROR
#
-loglevel = 3
+loglevel = INFO
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#
pidfile = /run/fail2ban/fail2ban.pid
+# Options: dbfile
+# Notes.: Set the file for the fail2ban persistent data to be stored.
+# A value of ":memory:" means database is only stored in memory
+# and data is lost when fail2ban is stopped.
+# A value of "None" disables the database.
+# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
+dbfile = /var/lib/fail2ban/fail2ban.sqlite3
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours)
+dbpurgeage = 86400
+
# vim: filetype=dosini
--- /dev/null
+# Fail2Ban main configuration file
+#
+# Comments: use '#' for comment lines and ';' (following a space) for inline comments
+#
+# Changes: in most of the cases you should not modify this
+# file, but provide customizations in fail2ban.local file, e.g.:
+#
+# [Definition]
+# loglevel = 4
+#
+
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+# 1 = ERROR
+# 2 = WARN
+# 3 = INFO
+# 4 = DEBUG
+# Values: [ NUM ] Default: 1
+#
+loglevel = 3
+
+# Option: logtarget
+# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+# Only one log target can be specified.
+# If you change logtarget from the default value and you are
+# using logrotate -- also adjust or disable rotation in the
+# corresponding configuration file
+# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
+#
+logtarget = /var/log/fail2ban.log
+
+# Option: socket
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+# not remove this file when Fail2ban runs. It will not be possible to
+# communicate with the server afterwards.
+# Values: [ FILE ] Default: /run/fail2ban/fail2ban.sock
+#
+socket = /run/fail2ban/fail2ban.sock
+
+# Option: pidfile
+# Notes.: Set the PID file. This is used to store the process ID of the
+# fail2ban server.
+# Values: [ FILE ] Default: /run/fail2ban/fail2ban.pid
+#
+pidfile = /run/fail2ban/fail2ban.pid
+
+# vim: filetype=dosini
#
logtarget = /var/log/fail2ban.log
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+# auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ] Default: auto
+syslogsocket = auto
+
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
-##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $
+##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$
#
# Copyright 2000-2005 Double Precision, Inc. See COPYING for
# distribution information.
-##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $
+##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$
#
# Copyright 2000-2005 Double Precision, Inc. See COPYING for
# distribution information.
-##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $
+##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $
#
# Copyright 2000-2004 Double Precision, Inc. See COPYING for
# distribution information.
#
# LDAP_AUTHBIND 1
+##NAME: LDAP_INITBIND:1
+#
+# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN.
+# If your LDAP server allows access without a bind, or you want to authenticate
+# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and
+# need not write the LDAP-Admin passwort into this file.
+#
+LDAP_INITBIND 1
+
##NAME: LDAP_MAIL:0
#
# Here's the field on which we query
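Review bot: The added comment for `LDAP_INITBIND` has two typos and an unclosed parenthesis, which makes its one security-relevant sentence hard to read. Fix `adminstrator` → `administrator` and `passwort` → `password`, and close `(and have set LDAP_AUTHBIND to 1,` as `(and have set LDAP_AUTHBIND to 1),`. The same text is added again in the next hunk for the second copy of the file. It may also be worth saying in the comment that with the default `LDAP_INITBIND 1` the admin bind password stays in this file, so the file should not be world-readable.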
-##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $
+##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $
#
# Copyright 2000-2004 Double Precision, Inc. See COPYING for
# distribution information.
#
# LDAP_AUTHBIND 1
+##NAME: LDAP_INITBIND:1
+#
+# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN.
+# If your LDAP server allows access without a bind, or you want to authenticate
+# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and
+# need not write the LDAP-Admin passwort into this file.
+#
+LDAP_INITBIND 1
+
##NAME: LDAP_MAIL:0
#
# Here's the field on which we query
-postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.1"
+postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.2"
------
HTTPError
Any issues with badips.com request.
+ ValueError
+ If badips.com response didn't contain necessary information
"""
try:
response = urlopen(
messages['err'])
raise
else:
- categories = json.loads(response.read().decode('utf-8'))['categories']
+ response_json = json.loads(response.read().decode('utf-8'))
+ if not 'categories' in response_json:
+ err = "badips.com response lacked categories specification. Response was: %s" \
+ % (response_json,)
+ self._logSys.error(err)
+ raise ValueError(err)
+ categories = response_json['categories']
categories_names = set(
value['Name'] for value in categories)
if incParents:
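Review bot: The new error path interpolates the whole decoded response into the message (`"... Response was: %s" % (response_json,)`) and logs it, so whatever the remote server returned lands in the log at unbounded length. I would truncate it, e.g. `% (str(response_json)[:200],)`. The test `if not 'categories' in response_json:` reads better as `if 'categories' not in response_json:`. A response that is valid JSON but not an object may raise `TypeError` instead of the documented `ValueError`; checking `isinstance(response_json, dict)` first would cover that. The method starts and ends outside this hunk.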
# Values: CMD
#
# requires an ipfw rule like "deny ip from table(1) to me"
-actionban = ipfw table <table> add <ip>
+actionban = e=`ipfw table <table> add <ip> 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || { echo "$e" 1>&2; exit $x; }
# Option: actionunban
# Tags: See jail.conf(5) man page
# Values: CMD
#
-actionunban = ipfw table <table> delete <ip>
+actionunban = e=`ipfw table <table> delete <ip> 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process' ] || { echo "$e" 1>&2; exit $x; }
[Init]
# Option: table
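Review bot: Both new commands decide whether a failure is harmless by comparing stderr with an exact English string (`'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists'` in `actionban`, the `XDEL` counterpart in `actionunban`). That presumably stops working when the message text differs, for example under another locale or ipfw version, and a duplicate add would then be reported as a failed ban. Running the command as `LC_ALL=C ipfw table <table> add <ip>` would at least pin the locale, and a comment above each line should say which message is tolerated and why. `[ A -o B ]` is also marked obsolescent in POSIX; `[ $x -eq 0 ] || [ "$e" = '...' ]` is the portable form.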
--- /dev/null
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+ firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+ firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -j f2b-<name>
+ firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+ firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+chain = INPUT_direct
+
+# DEV NOTES:
+#
+# Author: Donald Yandt
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive
+# success
+
--- /dev/null
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+ firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+ firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+ firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+ firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+name = default
+
+chain = INPUT_direct
+
+# Could also use port numbers separated by a comma.
+port = 1:65535
+
+
+# Option: protocol
+# Values: [ tcp | udp | icmp | all ]
+
+protocol = tcp
+
+
+
+# DEV NOTES:
+#
+# Author: Donald Yandt
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+# success
+# actioncheck:
+# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+# f2b-apache-modsecurity
+
actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
- firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+ firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
-actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
# success
# $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN
# success
-# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j fail2ban-name
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name
# success
# $ firewall-cmd --direct --get-chains ipv4 filter
# fail2ban-name
Here is more information about <ip>:\n
`whois <ip> || echo missing whois program`\n\n
Lines containing IP:<ip> in <logpath>\n
- `grep '[^0-9]<ip>[^0-9]' <logpath>`\n\n
+ `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>
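Review bot: In the new pattern `grep -E '(^|[^0-9])<ip>([^0-9]|$)'` the dots of the substituted address are still regex wildcards, so the pattern can match log text that is not that address. The matched lines are attacker-influenced log content that ends up in the mail body, so I would note this limitation in a comment above the action, or escape the dots before substitution if the action framework allows it. The same pattern is added in the sendmail-geoip-lines and sendmail-whois-lines hunks further down. The action definition starts outside this hunk.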
--- /dev/null
+# Fail2Ban configuration file
+#
+# Author: Andrew St. Jean
+#
+# Use nsupdate to perform dynamic DNS updates on a BIND zone file.
+# One may want to do this to update a local RBL with banned IP addresses.
+#
+# Options
+#
+# domain DNS domain that will appear in nsupdate add and delete
+# commands.
+#
+# ttl The time to live (TTL) in seconds of the TXT resource
+# record.
+#
+# rdata Data portion of the TXT resource record.
+#
+# nsupdatecmd Full path to the nsupdate command.
+#
+# keyfile Full path to TSIG key file used for authentication between
+# nsupdate and BIND.
+#
+# Create an nsupdate.local to set at least the <domain> and <keyfile>
+# options as they don't have default values.
+#
+# The ban and unban commands assume nsupdate will authenticate to the BIND
+# server using a TSIG key. The full path to the key file must be specified
+# in the <keyfile> parameter. Use this command to generate your TSIG key.
+#
+# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST <key_name>
+#
+# Replace <key_name> with some meaningful name.
+#
+# This command will generate two files. Specify the .private file in the
+# <keyfile> option. Note that the .key file must also be present in the same
+# directory for nsupdate to use the key.
+#
+# Don't forget to add the key and appropriate allow-update or update-policy
+# option to your named.conf file.
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = echo <ip> | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1".<domain> TXT"; print "update add "$4"."$3"."$2"."$1".<domain> <ttl> IN TXT \"<rdata>\""; print "send"}' | <nsupdatecmd> -k <keyfile>
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban = echo <ip> | awk -F. '{print "update delete "$4"."$3"."$2"."$1".<domain>"; print "send"}' | <nsupdatecmd> -k <keyfile>
+
+[Init]
+
+# Option: domain
+# Notes.: DNS domain that nsupdate will update.
+# Values: STRING
+#
+domain =
+
+# Option: ttl
+# Notes.: time to live (TTL) in seconds of TXT resource record
+# added by nsupdate.
+# Values: NUM
+#
+ttl = 60
+
+# Option: rdata
+# Notes.: data portion of the TXT resource record added by nsupdate.
+# Values: STRING
+#
+rdata = Your IP has been banned
+
+# Option: nsupdatecmd
+# Notes.: specifies the full path to the nsupdate program that dynamically
+# updates BIND zone files.
+# Values: CMD
+#
+nsupdatecmd = /usr/bin/nsupdate
+
+# Option: keyfile
+# Notes.: specifies the full path to the file containing the
+# TSIG key for communicating with BIND.
+# Values: STRING
+#
+keyfile =
+
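Review bot: The header comment tells the operator to create the TSIG key with `dnssec-keygen -a HMAC-MD5 -b 256 -n HOST <key_name>`; HMAC-MD5 is the weakest TSIG algorithm and is deprecated, and this key is what authorizes dynamic updates to the zone. I would change the example to `dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST <key_name>` (newer BIND releases generate TSIG keys with `tsig-keygen` instead) and add a line saying the `.private` file should be readable only by the user fail2ban runs as. Separately, `domain` and `keyfile` default to empty, so without an `nsupdate.local` the ban command runs `<nsupdatecmd> -k` with no key path. An `actioncheck` such as `[ -r "<keyfile>" ]` would surface that misconfiguration before each ban.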
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
# Values: CMD
#
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
--- /dev/null
+# Fail2Ban configuration file
+#
+# Author: Viktor Szépe
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# Option: actionban
+# Notes.: Command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# You need to install geoiplookup and the GeoLite or GeoIP databases.
+# (geoip-bin and geoip-database in Debian)
+# The host command comes from bind9-host package.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
+ From: <sendername> <<sender>>
+ To: <dest>\n
+ Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n\n
+ Here is more information about <ip>:\n
+ http://bgp.he.net/ip/<ip>
+ http://www.projecthoneypot.org/ip_<ip>
+ http://whois.domaintools.com/<ip>\n\n
+ Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
+ AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
+ hostname: `host -t A <ip> 2>&1`\n\n
+ Lines containing IP:<ip> in <logpath>\n
+ `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
+ Regards,\n
+ Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
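Review bot: The `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>` substitution in `actionban` has no upper bound, so a noisy address can pull an arbitrarily large slice of the log into the `printf` argument and the outgoing mail. Those log lines and the `host -t A <ip>` output are remote-influenced text, and `printf %%b` scans them for backslash escapes, which can alter or truncate the message body. Capping the match count keeps the notification bounded, for example `grep -m 1000 -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`. The unescaped dots in `<ip>` also act as regex wildcards, so a few unrelated lines can match.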
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
- Here are more information about <ip>:\n
+ Here is more information about <ip>:\n
`/usr/bin/whois <ip>`\n\n
Matches for <name> with <ipjailfailures> failures IP:<ip>\n
<ipjailmatches>\n\n
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
- Here are more information about <ip>:\n
+ Here is more information about <ip>:\n
`/usr/bin/whois <ip>`\n\n
Matches with <ipfailures> failures IP:<ip>\n
<ipmatches>\n\n
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
Here is more information about <ip>:\n
`/usr/bin/whois <ip> || echo missing whois program`\n\n
Lines containing IP:<ip> in <logpath>\n
- `grep '[^0-9]<ip>[^0-9]' <logpath>`\n\n
+ `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
- Here are more information about <ip>:\n
+ Here is more information about <ip>:\n
`/usr/bin/whois <ip>`\n\n
Matches:\n
<matches>\n\n
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
actioncheck =
-actionban = [ -n "<application>" ] && app="app <application>" ; ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
+actionban = [ -n "<application>" ] && app="app <application>"
+ ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
-actionunban = [ -n "<application>" ] && app="app <application>" ; ufw delete <blocktype> from <ip> to <destination> $app
+actionunban = [ -n "<application>" ] && app="app <application>"
+ ufw delete <blocktype> from <ip> to <destination> $app
[Init]
# Option: insertpos
REPORTID=<time>@`uname -n`
TLP=<tlp>
PORT=<port>
- DATE=`LC_TIME=C date -u --date=@<time> +"%%a, %%d %%h %%Y %%T +0000"`
+ DATE=`LC_TIME=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
if [ ! -z "$ADDRESSES" ]; then
(printf -- %%b "<header>\n<message>\n<report>\n";
date '+Note: Local timezone is %%z (%%Z)';
#
logtarget = /var/log/fail2ban.log
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+# auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ] Default: auto
+syslogsocket = auto
+
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
[INCLUDES]
# overwrite with apache-common.local if _apache_error_client is incorrect.
+# Load regexes for filtering from botsearch-common.conf
before = apache-common.conf
+ botsearch-common.conf
[Definition]
# Webroot represents the webroot on which all other files are based
webroot = /var/www/
-# Block is the actual non-found directories to block
-block = (<webmail>|<phpmyadmin>|<wordpress>)[^,]*
-
-# These are just convient definitions that assist the blocking of stuff that
-# isn't installed
-webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
-
-phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
-
-wordpress = wp-(login|signup)\.php
# DEV Notes:
#
-# Author: Daniel Black
+# Author: Daniel Black
\ No newline at end of file
--- /dev/null
+# Fail2Ban filter for fake Googlebot User Agents
+
+[Definition]
+
+failregex = ^<HOST> .*Googlebot.*$
+
+ignoreregex =
+
+
+# DEV Notes:
+#
+# Author: Lee Clemens
+# Thanks: Johannes B. Ullrich, Ph.D.
+# Reference: https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
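Review bot: `failregex = ^<HOST> .*Googlebot.*$` matches the string anywhere on the line, so a request whose path or referrer merely contains "Googlebot" is counted as a fake crawler. The jail added in this commit sets `maxretry = 1`, so one such line is enough for a ban unless the ignorecommand clears the address. Assuming the combined log format, where the User-Agent is the last quoted field, tying the match to that field is tighter: `failregex = ^<HOST> .*"[^"]*Googlebot[^"]*"$`. A comment above the regex naming the expected log format would help the next maintainer.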
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>\S*$
- ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s (?:handle_request_subscribe: )?Sending fake auth rejection for (device|user) \d*<sip:[^@]+@<HOST>>;tag=\w+\S*$
+ ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s hacking attempt detected '<HOST>'$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="[\d-]+",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="\d*",SessionID="0x[\da-f]+",LocalAddress="IPV[46]/(UD|TC)P/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UD|TC)P/<HOST>/\d+"(,Challenge="\w+",ReceivedChallenge="\w+")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )Ext\. s: "Rejecting unknown SIP connection from <HOST>"$
--- /dev/null
+# Generic configuration file for -botsearch filters
+
+[Init]
+
+# Block is the actual non-found directories to block
+block = \/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*
+
+# These are just convient definitions that assist the blocking of stuff that
+# isn't installed
+webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
+
+phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
+
+wordpress = wp-(login|signup)\.php
+
+# DEV Notes:
+# Taken from apache-botsearch filter
+#
+# Author: Frantisek Sumsal
\ No newline at end of file
# This can be optional (for instance if we match named native log files)
__prefix_line = \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
+# PAM authentication mechanism check for failures, e.g.: pam_unix, pam_sss,
+# pam_ldap
+__pam_auth = pam_unix
+
# Author: Yaroslav Halchenko
failregex = ^: Bad Rcon: "rcon \d+ "\S+" sv_contact ".*?"" from "<HOST>:\d+"$
+ignoreregex =
[Init]
_daemon = (auth|dovecot(-auth)?|auth-worker)
-failregex = ^%(__prefix_line)s(pam_unix(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\S*)?\s*$
+failregex = ^%(__prefix_line)s(%(__pam_auth)s(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\S*)?\s*$
^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>(, lip=(\d{1,3}\.){3}\d{1,3})?(, TLS( handshaking(: SSL_accept\(\) failed: error:[\dA-F]+:SSL routines:[TLS\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\S+>)?\s*$
- ^%(__prefix_line)s(Info|dovecot: auth\(default\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
+ ^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
+ ^%(__prefix_line)sauth-worker\(\d+\): pam\(\S+,<HOST>\): unknown user\s*$
ignoreregex =
--- /dev/null
+# Fail2Ban filter to block repeated failed login attempts to Drupal site(s)
+#
+#
+# Drupal must be setup to use Syslog, which defaults to the following format:
+#
+# !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+
+[Definition]
+
+failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*\|\d{10}\|user\|<HOST>\|.+\|.+\|\d\|.*\|Login attempt failed for .+\.$
+
+ignoreregex =
+
+
+# DEV Notes:
+#
+# https://www.drupal.org/documentation/modules/syslog
+#
+# Author: Lee Clemens
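Review bot: The base_url part of `failregex`, `(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*`, only accepts a lowercase dotted host name with a 2–6 character suffix and no port. A site with an explicit port, a longer TLD, or a bare host name produces lines this filter never matches, and the jail then silently counts no failed logins. The `<HOST>` position is fixed by the field separators, so the first field can be loosened without weakening the anchor, e.g. `^%(__prefix_line)shttps?:\/\/[^|\s]+\|\d{10}\|user\|<HOST>\|`. The single-digit `\|\d\|` for the uid field looks intentional for anonymous attempts, but a short comment saying so would help.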
[Definition]
failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
- ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
+ ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
- ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\]:\d+ )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
+ ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
ignoreregex =
failregex = ^\[\]LOGIN FAILED for user: "\S+" from IP: <HOST>$
-
+ignoreregex =
# Author: Daniel Black
--- /dev/null
+#!/usr/bin/python
+# Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
+#
+# Written in Python to reuse built-in Python batteries and not depend on
+# presence of host and cut commands
+#
+import sys
+
+def process_args(argv):
+ if len(argv) != 2:
+ sys.stderr.write("Please provide a single IP as an argument. Got: %s\n"
+ % (argv[1:]))
+ sys.exit(2)
+
+ ip = argv[1]
+
+ from fail2ban.server.filter import DNSUtils
+ if not DNSUtils.isValidIP(ip):
+ sys.stderr.write("Argument must be a single valid IP. Got: %s\n"
+ % ip)
+ sys.exit(3)
+ return ip
+
+def is_googlebot(ip):
+ import re
+ from fail2ban.server.filter import DNSUtils
+
+ host = DNSUtils.ipToName(ip)
+ sys.exit(0 if (host and re.match('crawl-.*\.googlebot\.com', host)) else 1)
+
+if __name__ == '__main__':
+ is_googlebot(process_args(sys.argv))
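Review bot: `is_googlebot` exempts an address from banning on the strength of its PTR record alone, and `re.match('crawl-.*\.googlebot\.com', host)` has no end anchor, so any name that merely begins with that pattern is accepted. Reverse DNS is set by whoever controls the address block, so the name should be anchored with `$` and confirmed by a forward lookup that returns the same address before exiting 0. The sketch below needs `import socket` next to the existing `import re`, and `gethostbyname_ex` covers IPv4 only. A docstring stating that the function never returns and reports its verdict through the exit status (0 = genuine, 1 = not) would also help.

```python
def is_googlebot(ip):
    # … unchanged: function-scope imports (plus socket) …
    host = DNSUtils.ipToName(ip)
    if not host or not re.match(r'crawl-.*\.googlebot\.com$', host):
        sys.exit(1)
    # Forward-confirm: the PTR name must resolve back to the address we were given.
    try:
        forward_addrs = socket.gethostbyname_ex(host)[2]
    except socket.error:
        sys.exit(1)
    sys.exit(0 if ip in forward_addrs else 1)
```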
^ IP address <HOST> found in DNS blacklist \S+, mail from \S+ to \S+$
^ Relay attempt from IP address <HOST>
^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
+
+ignoreregex =
+
[Init]
datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]
failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied unknown user '\w+' accessing monit httpd$
^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied wrong password for user '\w+' accessing monit httpd$
+ignoreregex =
^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: zone transfer '\S+/AXFR/\w+' denied\s*$
^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: bad zone transfer request: '\S+/IN': non-authoritative zone \(NOTAUTH\)\s*$
+ignoreregex =
+
# DEV Notes:
# Trying to generalize the
# structure which is general to capture general patterns in log
--- /dev/null
+# Fail2Ban filter to match web requests for selected URLs that don't exist
+#
+
+[INCLUDES]
+
+# Load regexes for filtering
+before = botsearch-common.conf
+
+[Definition]
+
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST) \/<block> \S+\" 404 .+$
+ ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST) \/<block> \S+\"\, .*?$
+
+ignoreregex =
+
+
+# DEV Notes:
+# Based on apache-botsearch filter
+#
+# Author: Frantisek Sumsal
\ No newline at end of file
failregex = ^\[\]%(__prefix_line)sinfo: ratelimit block .* query <HOST> TYPE255$
^\[\]%(__prefix_line)sinfo: .* <HOST> refused, no acl matches\.$
+
+ignoreregex =
# Default: catch all failed logins
_ttys_re=\S*
-__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
_daemon = \S+
failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
failregex = \/<HOST> Port\: [0-9]+ (TCP|UDP) Blocked$
+ignoreregex =
+
# Author: Pacop <pacoparu@gmail.com>
--- /dev/null
+# Fail2Ban filter for Postfix's RBL based Blocked hosts
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
+
+ignoreregex =
+
+# Author: Lee Clemens
_daemon = postfix/(submission/)?smtp(d|s)
-failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
-ignoreregex =
+ignoreregex = authentication failed: Connection lost to authentication server$
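Review bot: The `(?i)` inside the group in `SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5)` is a global flag in Python's `re`, so it makes the whole expression case-insensitive, prefix included, rather than only the mechanism names. Newer Python releases also reject a global flag that is not at the start of the pattern, which would stop this filter from loading. If only the mechanism spelling varies, listing the observed variants explicitly (for example `(?:LOGIN|login|PLAIN|plain|(?:CRAM|DIGEST)-MD5)`) avoids both problems. A comment on the new `ignoreregex` explaining that backend outages should not count against the client would also be useful.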
[Init]
_daemon = postfix/(submission/)?smtp(d|s)
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
+ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+ignoreregex =
+
[Init]
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
^\s+\d\s<HOST>\s+NONE/405 .*$
-
+ignoreregex =
# Author: Daniel Black
failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$
+ignoreregex =
[Init]
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
+ ^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
ignoreregex =
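Review bot: The added `pam_unix\(sshd:auth\)` line hard-codes the PAM module name, while this same commit introduces `__pam_auth` in the common definitions and switches the dovecot, pam-generic, vsftpd and wu-ftpd filters to it. On a host authenticating through another module the new line will never match, so the consistent form is `^%(__prefix_line)s%(__pam_auth)s\(sshd:auth\):\s+authentication failure;…` with the rest unchanged. This assumes the filter includes the common file, which the use of `__prefix_line` suggests. The `failregex` list starts outside this hunk.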
failregex = ^ LOG\d\[\d+:\d+\]:\ SSL_accept from <HOST>:\d+ : (?P<CODE>[\dA-F]+): error:(?P=CODE):SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate$
+ignoreregex =
+
# DEV NOTES:
#
# Author: Daniel Black
[Definition]
-__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
_daemon = vsftpd
failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
[Definition]
_daemon = wu-ftpd
-__pam_re=\(?pam_unix(?:\(wu-ftpd:auth\))?\)?:?
+__pam_re=\(?%(__pam_auth)s(?:\(wu-ftpd:auth\))?\)?:?
failregex = ^%(__prefix_line)sfailed login from \S+ \[<HOST>\]\s*$
^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
# See "journalmatch" in the jails associated filter config
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
+#
+# Note: if systemd backend is choses as the default but you enable a jail
+# for which logs are present only in its own log files, specify some other
+# backend for that jail (e.g. polling) and provide empty value for
+# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = auto
# "usedns" specifies if jails should trust hostnames in logs,
maxretry = 2
+[apache-fakegooglebot]
+
+port = http,https
+logpath = %(apache_access_log)s
+maxretry = 1
+ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
+
+
[apache-modsecurity]
port = http,https
[apache-shellshock]
port = http,https
-logpath = $(apache_error_log)s
+logpath = %(apache_error_log)s
maxretry = 1
[nginx-http-auth]
-ports = http,https
+port = http,https
logpath = %(nginx_error_log)s
+[nginx-botsearch]
+
+port = http,https
+logpath = %(nginx_error_log)s
+maxretry = 2
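Review bot: The `[nginx-botsearch]` jail reads only `%(nginx_error_log)s`, but the first `failregex` of the new nginx-botsearch filter (`^<HOST> \- \S+ \[\] \"(GET|POST) \/<block> \S+\" 404 .+$`) is written for access-log lines. As configured, that expression is never exercised, and probes that produce only a 404 access entry go uncounted. If both are meant to be covered, add the access log on a continuation line, as the `php-url-fopen` change in this commit does: `logpath = %(nginx_error_log)s` followed by an indented `%(nginx_access_log)s`. Otherwise a comment stating that only error-log matches are intended would make this clear.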
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
[php-url-fopen]
port = http,https
-logpath = %(nginx_access_log)s %(apache_access_log)s
+logpath = %(nginx_access_log)s
+ %(apache_access_log)s
[suhosin]
#
#
+[drupal-auth]
+
+port = http,https
+logpath = %(syslog_daemon)s
+
[guacamole]
port = http,https
logpath = %(postfix_log)s
+[postfix-rbl]
+
+port = smtp,465,submission
+logpath = %(syslog_mail)s
+maxretry = 1
+
+
[sendmail-auth]
port = submission,465,smtp
# Jail for more extended banning of persistent abusers
-# !!! WARNING !!!
-# Make sure that your loglevel specified in fail2ban.conf/.local
-# is not at DEBUG level -- which might then cause fail2ban to fall into
-# an infinite loop constantly feeding itself with non-informative lines
+# !!! WARNINGS !!!
+# 1. Make sure that your loglevel specified in fail2ban.conf/.local
+# is not at DEBUG level -- which might then cause fail2ban to fall into
+# an infinite loop constantly feeding itself with non-informative lines
+# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
+# to maintain entries for failed logins for sufficient amount of time
[recidive]
logpath = /var/log/fail2ban.log
-port = all
-protocol = all
+banaction = iptables-allports
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5
[portsentry]
enabled = false
logpath = /var/lib/portsentry/portsentry.history
-maxretry = 1
\ No newline at end of file
+maxretry = 1
solidpop3d_log = %(syslog_local0)s
mysql_log = %(syslog_daemon)s
+
+# Directory with ignorecommand scripts
+ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands
#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
depend() {
need net courier-authlib
#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd-ssl.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd-ssl.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
depend() {
need net courier-authlib
#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
depend() {
need net courier-authlib
#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d-ssl.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d-ssl.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
depend() {
need net courier-authlib
-auth required pam_securetty.so
auth include system-local-login
account include system-local-login
password include system-local-login
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
-
account required pam_unix.so
account optional pam_permit.so
-
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
-
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
auth required pam_nologin.so
auth include system-auth
auth optional pam_gnome_keyring.so
-
account required pam_access.so
account required pam_nologin.so
account include system-auth
account required pam_tally2.so onerr=succeed
-
password include system-auth
password optional pam_gnome_keyring.so
-
session optional pam_loginuid.so
session required pam_env.so
session optional pam_lastlog.so silent
session optional pam_gnome_keyring.so auto_start
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
-
#PHP_TARGETS="php5-3"
PHP_TARGETS="php5-3 php5-5"
PYTHON_TARGETS="python2_7 python3_3 python3_4"
+PYTHON_SINGLE_TARGET="python3_4"
RUBY_TARGETS="ruby19"
CPU_FLAGS_X86="aes avx fma4 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 xop"
app-crypt/gnupg idea
-app-doc/doxygen dot
+app-doc/doxygen clang dot
app-editors/vim cscope racket vim-with-x
app-shells/bash plugins
+app-text/asciidoc python_single_target_python2_7
app-text/ghostscript-gpl cups
app-text/texlive xetex
app-text/texlive-core xetex
dev-db/phpmyadmin setup
dev-db/postgresql server uuid xml
dev-db/postgresql-server uuid
-dev-db/sqlite extensions fts3 soundex unlock-notify
+dev-db/sqlite extensions fts3 soundex tools unlock-notify
dev-db/unixODBC odbcmanual
mail-mta/postfix memcached
+media-fonts/corefonts tahoma
+
media-gfx/album ffmpeg plugins themes
media-gfx/exiv2 contrib xmp
media-gfx/graphicsmagick fpx
# move net-analyzer/nagios-nrpe net-analyzer/nrpe
net-analyzer/nrpe command-args
-net-analyzer/nagios-plugins nagios-dns nagios-ntp nagios-ping nagios-ssh smart sudo
+net-analyzer/nagios-plugins nagios-dns nagios-ntp nagios-ping nagios-ssh smart sudo xmpp
net-analyzer/net-snmp diskio elf extensible lm_sensors mfd-rewrites sendmail smux
net-analyzer/pb-nagios-plugins nrpe
net-analyzer/tcpdump -samba
sys-boot/grub device-mapper
sys-devel/gcc gcj libffi mudflap objc objc-gc objc++
+sys-devel/llvm clang
sys-fs/lvm2 lvm2create_initrd
sys-kernel/vanilla-sources -doc
sys-libs/pam audit
+sys-libs/readline utils
sys-fs/quota rpc
sys-fs/udev devfs-compat edd extras hwdb
sys-process/lsof rpc
+virtual/ffmpeg libav
+
www-apps/egroupware gallery
www-apps/trac i18n
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
<public publicId="-//OMF//DTD Scrollkeeper OMF Variant V1.0//EN" uri="/usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd"/>
<system systemId="http://scrollkeeper.sourceforge.net/dtds/scrollkeeper-omf-1.0/scrollkeeper-omf.dtd" uri="/usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd"/>
- <system systemId="http://glade.gnome.org/glade-2.0.dtd" uri="/usr/share/xml/libglade/glade-2.0.dtd"/>
<delegatePublic publicIdStartString="-//OASIS//ENTITIES DocBook" catalog="file:///etc/xml/docbook"/>
<delegatePublic publicIdStartString="-//OASIS//ELEMENTS DocBook" catalog="file:///etc/xml/docbook"/>
<delegatePublic publicIdStartString="-//OASIS//DTD DocBook" catalog="file:///etc/xml/docbook"/>
<delegatePublic publicIdStartString="ISO 8879:1986" catalog="file:///etc/xml/docbook"/>
<delegateSystem systemIdStartString="http://docbook.sourceforge.net/release/xsl/" catalog="file:///etc/xml/docbook"/>
<delegateURI uriStartString="http://docbook.sourceforge.net/release/xsl/" catalog="file:///etc/xml/docbook"/>
+ <system systemId="http://glade.gnome.org/glade-2.0.dtd" uri="/usr/share/xml/libglade/glade-2.0.dtd"/>
</catalog>