authorpgollucci <pgollucci@FreeBSD.org>2010-01-14 12:41:12 +0800
committerpgollucci <pgollucci@FreeBSD.org>2010-01-14 12:41:12 +0800
commit4486ad28df8497b1febbaf6672e6c9eed75c4a83 (patch)
treea91697175cf7a368e5d796f24638cb18d5714d8b
parent2a3827975ea64a131ddeb1ea8b4c66919beb0572 (diff)
downloadfreebsd-ports-gnome-4486ad28df8497b1febbaf6672e6c9eed75c4a83.tar.gz
freebsd-ports-gnome-4486ad28df8497b1febbaf6672e6c9eed75c4a83.tar.zst
freebsd-ports-gnome-4486ad28df8497b1febbaf6672e6c9eed75c4a83.zip
- Update to 0.84
- Install sample jail.conf and fail2ban.conf files so that when users modify the fail2ban.conf and jail.conf files they are not removed.
- Add an IPFW example using IPFW tables
- Created FreeBSD sshd and ftp example conf files.

Submitted by: Ken Menzel <kmenzel@whisolutions.com> (via e-mail)
-rw-r--r--security/py-fail2ban/files/patch-bsd-ipfw.conf68
-rw-r--r--security/py-fail2ban/files/patch-bsd-sshd.conf43
-rw-r--r--security/py-fail2ban/files/patch-bsdftp.conf43
-rw-r--r--security/py-fail2ban/files/patch-config__filter.d__sshd.conf11
-rw-r--r--security/py-fail2ban/pkg-plist3
5 files changed, 157 insertions, 11 deletions
diff --git a/security/py-fail2ban/files/patch-bsd-ipfw.conf b/security/py-fail2ban/files/patch-bsd-ipfw.conf
new file mode 100644
index 000000000000..b0ffb2468a7f
--- /dev/null
+++ b/security/py-fail2ban/files/patch-bsd-ipfw.conf
@@ -0,0 +1,68 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/action.d/bsd-ipfw.conf 2010-01-12 16:26:51.000000000 -0500
+@@ -0,0 +1,65 @@
++# Fail2Ban configuration file
++#
++# Author: Nick Munger
++# Modified by: Ken Menzel
++#
++
++[Definition]
++
++# Option: actionstart
++# Notes.: command executed once at the start of Fail2Ban.
++# Values: CMD
++#
++actionstart =
++
++
++# Option: actionstop
++# Notes.: command executed once at the end of Fail2Ban
++# Values: CMD
++#
++actionstop =
++
++
++# Option: actioncheck
++# Notes.: command executed once before each actionban command
++# Values: CMD
++#
++actioncheck =
++
++
++# Option: actionban
++# Notes.: command executed when banning an IP. Take care that the
++# command is executed with Fail2Ban user rights.
++# Tags: <ip> IP address
++# <failures> number of failures
++# <time> unix timestamp of the ban time
++# Values: CMD
++#
++# requires an ipfw rule like "deny ip from table(1) to me"
++actionban = ipfw table 1 add <ip>
++
++
++# Option: actionunban
++# Notes.: command executed when unbanning an IP. Take care that the
++# command is executed with Fail2Ban user rights.
++# Tags: <ip> IP address
++# <failures> number of failures
++# <time> unix timestamp of the ban time
++# Values: CMD
++#
++actionunban = ipfw table 1 delete <ip>
++
++[Init]
++
++# Option: port
++# Notes.: specifies port to monitor
++# Values: [ NUM | STRING ]
++#
++#port = ssh
++port = ftp
++
++# Option: localhost
++# Notes.: the local IP address of the network interface
++# Values: IP
++#
++localhost = 127.0.0.1
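Review bot: `actionban` and `actionunban` hard-code ipfw table 1, and the `[Init]` options `port` and `localhost` are never referenced by any action, so the file suggests a per-port ban that it does not implement; what is actually blocked is decided entirely by the external rule named in the comment above `actionban`. I would make the table a tag, with `table = 1` under `[Init]`, then `actionban = ipfw table <table> add <ip>` and `actionunban = ipfw table <table> delete <ip>`, so a site that already uses table 1 for something else does not get ban entries mixed into it. With `actioncheck` empty, nothing verifies that a deny rule referencing the table is loaded, so a missing rule means bans are recorded but never enforced; the comment should say so explicitly, and `port`/`localhost` should be either dropped or wired up.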
diff --git a/security/py-fail2ban/files/patch-bsd-sshd.conf b/security/py-fail2ban/files/patch-bsd-sshd.conf
new file mode 100644
index 000000000000..d39ef67f1ca0
--- /dev/null
+++ b/security/py-fail2ban/files/patch-bsd-sshd.conf
@@ -0,0 +1,43 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/filter.d/bsd-sshd.conf 2010-01-12 16:26:22.000000000 -0500
+@@ -0,0 +1,40 @@
++# Fail2Ban configuration file
++#
++# Author: Cyril Jaquier
++#
++# $Revision: 663 $
++#
++
++[INCLUDES]
++
++# Read common prefixes. If any customizations available -- read them from
++# common.local
++before = common.conf
++
++
++[Definition]
++
++_daemon = sshd
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile. The
++# host must be matched by a group named "host". The tag "<HOST>" can
++# be used for standard IP/hostname matching and is only an alias for
++# (?:::f{4,6}:)?(?P<host>\S+)
++# Values: TEXT
++#
++failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication (?:failure|error) for .* from <HOST>\s*$
++ ^%(__prefix_line)sDid not receive identification string from <HOST>$
++ ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
++ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
++ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
++ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
++ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$
++
++# Option: ignoreregex
++# Notes.: regex to ignore. If this regex matches, the line is ignored.
++# Values: TEXT
++#
++ignoreregex =
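Review bot: `[A|a]uthentication` in the first `failregex` line is a character class, so it also accepts a literal `|`; `[Aa]uthentication` is what is meant. The alternatives that put `.*` before `from <HOST>` depend on the trailing `$` to keep the captured host at the end of the line, and a comment saying those anchors must stay would help later editors, since the text before `from` is supplied by the connecting client. This file also copies the stock sshd filter rather than patching it: the patch removed later in this commit (patch-config__filter.d__sshd.conf) is what gave `filter = sshd` the lower-case match, so unless upstream 0.84 already carries it, existing jails lose that coverage until they switch to `bsd-sshd`.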
diff --git a/security/py-fail2ban/files/patch-bsdftp.conf b/security/py-fail2ban/files/patch-bsdftp.conf
new file mode 100644
index 000000000000..65be3212fb72
--- /dev/null
+++ b/security/py-fail2ban/files/patch-bsdftp.conf
@@ -0,0 +1,43 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/filter.d/bsdftp.conf 2010-01-12 16:26:27.000000000 -0500
+@@ -0,0 +1,40 @@
++# Fail2Ban configuration file
++#
++# Author: Ken Menzel
++#
++#
++
++[INCLUDES]
++
++# Read common prefixes. If any customizations available -- read them from
++# common.local
++before = common.conf
++
++
++[Definition]
++
++_daemon = ftpd
++#
++#
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile. The
++# host must be matched by a group named "host". The tag "<HOST>" can
++# be used for standard IP/hostname matching and is only an alias for
++# (?:::f{4,6}:)?(?P<host>\S+)
++# Values: TEXT
++#
++failregex = ^%(__prefix_line)sFTP LOGIN FAILED FROM <HOST>,\s*.*$
++
++
++# \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
++# \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
++# \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
++# \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
++
++# May 28 15:11:53 freebsd4 ftpd[26191]: FTP LOGIN FAILED FROM freebsd4, dsf
++#
++# Option: ignoreregex
++# Notes.: regex to ignore. If this regex matches, the line is ignored.
++# Values: TEXT
++#
++ignoreregex =
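Review bot: The sample line in the comment (`FTP LOGIN FAILED FROM freebsd4, dsf`) shows ftpd logging a host name rather than an address, so `<HOST>` will often capture a name that has to be resolved again at ban time; that name derives from the client's reverse DNS and may not resolve back to the connecting address. The header comment should state that this filter is only reliable when ftpd logs numeric addresses or names you trust. Separately, `,\s*.*$` can be written `,.*$`, and the four commented-out expressions, which look copied from another FTP filter, should be removed or labelled as not in use.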
diff --git a/security/py-fail2ban/files/patch-config__filter.d__sshd.conf b/security/py-fail2ban/files/patch-config__filter.d__sshd.conf
deleted file mode 100644
index aae819436ece..000000000000
--- a/security/py-fail2ban/files/patch-config__filter.d__sshd.conf
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./config/filter.d/sshd.conf.orig 2009-07-22 11:52:29.236981029 -0400
-+++ ./config/filter.d/sshd.conf 2009-07-22 11:52:42.853934580 -0400
-@@ -23,7 +23,7 @@
- # (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
--failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
-+failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication failure for .* from <HOST>\s*$
- ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
- ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
- ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
diff --git a/security/py-fail2ban/pkg-plist b/security/py-fail2ban/pkg-plist
index 03b66c11c33f..c73ef9e2ab2e 100644
--- a/security/py-fail2ban/pkg-plist
+++ b/security/py-fail2ban/pkg-plist
@@ -73,6 +73,8 @@ bin/fail2ban-regex
%%PYTHON_SITELIBDIR%%/server/faildata.pyc
%%ETCDIR%%/fail2ban.conf
%%ETCDIR%%/jail.conf
+%%ETCDIR%%/filter.d/bsd-sshd.conf
+%%ETCDIR%%/filter.d/bsdftp.conf
%%ETCDIR%%/filter.d/vsftpd.conf
%%ETCDIR%%/filter.d/gssftpd.conf
%%ETCDIR%%/filter.d/proftpd.conf
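Review bot: The new filter files are added as plain plist entries, the same way as `%%ETCDIR%%/fail2ban.conf` and `%%ETCDIR%%/jail.conf` in the context lines, so as far as these hunks show, a deinstall or upgrade still removes or replaces them along with any local edits. The commit message says the aim is to keep user-modified configuration; if that is handled elsewhere, it is not visible here. At minimum, note in the port's pkg-message or the file headers that site changes belong in `.local` overrides (the filters' own comments already mention `common.local`). The same applies to `%%ETCDIR%%/action.d/bsd-ipfw.conf` in the second pkg-plist hunk.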
@@ -111,6 +113,7 @@ bin/fail2ban-regex
%%ETCDIR%%/action.d/hostsdeny.conf
%%ETCDIR%%/action.d/iptables.conf
%%ETCDIR%%/action.d/sendmail-whois.conf
+%%ETCDIR%%/action.d/bsd-ipfw.conf
@dirrm %%ETCDIR%%/filter.d
@dirrm %%ETCDIR%%/action.d
@dirrm %%ETCDIR%%