From 8c6d2a12033c26ca6a87b19eeb6407ca34d20144 Mon Sep 17 00:00:00 2001
From: athimm
Date: Jun 03 2007 11:22:01 +0000
Subject: Fix sshd filter to spot attempts to log in as a user not in AllowUsers (#241695)
---
diff --git a/fail2ban-0.8-sshd-filter.diff b/fail2ban-0.8-sshd-filter.diff
new file mode 100644
index 0000000..49fb8e1
--- /dev/null
+++ b/fail2ban-0.8-sshd-filter.diff
@@ -0,0 +1,10 @@
+--- fail2ban-0.8.0/config/filter.d/sshd.conf.original 2007-05-27 22:44:14.000000000 +0100
++++ fail2ban-0.8.0/config/filter.d/sshd.conf 2007-05-27 22:44:48.000000000 +0100
+@@ -18,6 +18,7 @@
+ Failed [-/\w]+ for .* from
+ ROOT LOGIN REFUSED .* FROM
+ [iI](?:llegal|nvalid) user .* from
++ User .* from not allowed because not listed in AllowUsers
+ 
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/fail2ban.spec b/fail2ban.spec
index a735c95..2c7129f 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -1,9 +1,10 @@
+# Not defined in Fedora's buildsystem
 %global _initdir %{_sysconfdir}/rc.d/init.d
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
 Version: 0.8.0
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPL
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
@@ -11,6 +12,7 @@ Source0: http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 Source1: fail2ban-logrotate
 Patch0: fail2ban-0.8.0-init.patch
 Patch1: fail2ban-0.8.0-sshd.patch
+Patch2: fail2ban-0.8-sshd-filter.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel >= 2.4
 BuildArch: noarch
@@ -28,6 +30,7 @@ failures. It updates firewall rules to reject the IP address.
 %setup -q
 %patch0 -p1 -b .init
 %patch1 -p1 -b .sshd
+%patch2 -p1 -b .sshdallowusersm
 %build
 python setup.py build
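Review bot: The failregex added in the sshd.conf hunk, `User .* from … not allowed because not listed in AllowUsers`, is unanchored and runs a greedy `.*` over the user name, which is text chosen by the remote client and copied into the log line. With no `$` after the fixed trailing text, the host capture can in principle be satisfied by content inside that field rather than by the address sshd itself recorded, so a crafted line could get an address banned that never connected. Anchoring the tail closes most of that, e.g. `User .+ from <HOST> not allowed because not listed in AllowUsers\s*$`; the three existing patterns above the new line have the same shape and would merit the same treatment. The host placeholder appears to have been stripped from this rendering, so `<HOST>` is assumed from fail2ban's filter syntax, and the failregex option itself begins above the hunk.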
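Review bot: The backup suffix on the new `%patch2` line in the `%setup` hunk of fail2ban.spec, `-b .sshdallowusersm`, ends in what looks like a stray `m`. It does not affect the build result, but `%patch2 -p1 -b .sshdallowusers` would match the naming of the `.init` and `.sshd` suffixes beside it and avoid an oddly named backup file in the build tree.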
@@ -73,6 +76,10 @@ fi
 %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
 %changelog
+* Sun Jun 3 2007 Axel Thimm - 0.8.0-8
+- Also trigger on non-AllowUsers failures (Jonathan Underwood
+ ).
+
 * Wed May 23 2007 Axel Thimm - 0.8.0-7
 - logrotate should restart fail2ban (Zing ).
 - send mail to root; logrotate (Jonathan Underwood