From: yarikoptic Date: Wed, 23 Mar 2011 20:35:56 +0000 (+0000) Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs... X-Git-Tag: upstream/0.8.4+svn20110323^2~8 X-Git-Url: http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see bugs.debian.org/544232 It should be robust since /var/run/fail2ban is guaranteed to exist to carry the socket file, and it will be owned by root (or some other dedicated fail2ban user) thus avoiding possibility for the exploit git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf index b80698b..8549a55 100644 --- a/config/action.d/dshield.conf +++ b/config/action.d/dshield.conf @@ -206,5 +206,5 @@ dest = reports@dshield.org # Notes.: Base name of temporary files used for buffering # Values: [ STRING ] Default: /tmp/fail2ban-dshield # -tmpfile = /tmp/fail2ban-dshield +tmpfile = /var/run/fail2ban/tmp-dshield diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf index 8a33d0e..6fd51d2 100644 --- a/config/action.d/mail-buffered.conf +++ b/config/action.d/mail-buffered.conf @@ -81,7 +81,7 @@ lines = 5 # Default temporary file # -tmpfile = /tmp/fail2ban-mail.txt +tmpfile = /var/run/fail2ban/tmp-mail.txt # Destination/Addressee of the mail # diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf index 15b91b1..f0e5515 100644 --- a/config/action.d/mynetwatchman.conf +++ b/config/action.d/mynetwatchman.conf @@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp # Notes.: Base name of temporary files # Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman # -tmpfile = /tmp/fail2ban-mynetwatchman +tmpfile = /var/run/fail2ban/tmp-mynetwatchman diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf index de8166a..25a23b7 100644 --- a/config/action.d/sendmail-buffered.conf +++ b/config/action.d/sendmail-buffered.conf @@ -101,5 +101,5 @@ lines = 5 # Default temporary file # -tmpfile = /tmp/fail2ban-mail.txt +tmpfile = /var/run/fail2ban/tmp-mail.txt