From 4486ad28df8497b1febbaf6672e6c9eed75c4a83 Mon Sep 17 00:00:00 2001
From: pgollucci <pgollucci@FreeBSD.org>
Date: Thu, 14 Jan 2010 04:41:12 +0000
Subject: - Update to 0.84 - Install sample jail.conf and fail2ban.conf files
so that when users modify the fail2ban.conf and jail.conf files they are
not removed. - Add an IPFW example using IPFW tables - Created freebsd sshd
and ftp example conf files.
Submitted by: Ken Menzel <kmenzel@whisolutions.com> (via e-mail)
---
security/py-fail2ban/files/patch-bsd-ipfw.conf | 68 ++++++++++++++++++++++
security/py-fail2ban/files/patch-bsd-sshd.conf | 43 ++++++++++++++
security/py-fail2ban/files/patch-bsdftp.conf | 43 ++++++++++++++
.../files/patch-config__filter.d__sshd.conf | 11 ----
security/py-fail2ban/pkg-plist | 3 +
5 files changed, 157 insertions(+), 11 deletions(-)
create mode 100644 security/py-fail2ban/files/patch-bsd-ipfw.conf
create mode 100644 security/py-fail2ban/files/patch-bsd-sshd.conf
create mode 100644 security/py-fail2ban/files/patch-bsdftp.conf
delete mode 100644 security/py-fail2ban/files/patch-config__filter.d__sshd.conf
(limited to 'security')
diff --git a/security/py-fail2ban/files/patch-bsd-ipfw.conf b/security/py-fail2ban/files/patch-bsd-ipfw.conf
new file mode 100644
index 00000000000..b0ffb2468a7
--- /dev/null
+++ b/security/py-fail2ban/files/patch-bsd-ipfw.conf
@@ -0,0 +1,68 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/action.d/bsd-ipfw.conf 2010-01-12 16:26:51.000000000 -0500
+@@ -0,0 +1,65 @@
++# Fail2Ban configuration file
++#
++# Author: Nick Munger
++# Modified by: Ken Menzel
++#
++
++[Definition]
++
++# Option: actionstart
++# Notes.: command executed once at the start of Fail2Ban.
++# Values: CMD
++#
++actionstart =
++
++
++# Option: actionstop
++# Notes.: command executed once at the end of Fail2Ban
++# Values: CMD
++#
++actionstop =
++
++
++# Option: actioncheck
++# Notes.: command executed once before each actionban command
++# Values: CMD
++#
++actioncheck =
++
++
++# Option: actionban
++# Notes.: command executed when banning an IP. Take care that the
++# command is executed with Fail2Ban user rights.
++# Tags: <ip> IP address
++# <failures> number of failures
++# <time> unix timestamp of the ban time
++# Values: CMD
++#
++# requires an ipfw rule like "deny ip from table(1) to me"
++actionban = ipfw table 1 add <ip>
++
++
++# Option: actionunban
++# Notes.: command executed when unbanning an IP. Take care that the
++# command is executed with Fail2Ban user rights.
++# Tags: <ip> IP address
++# <failures> number of failures
++# <time> unix timestamp of the ban time
++# Values: CMD
++#
++actionunban = ipfw table 1 delete <ip>
++
++[Init]
++
++# Option: port
++# Notes.: specifies port to monitor
++# Values: [ NUM | STRING ]
++#
++#port = ssh
++port = ftp
++
++# Option: localhost
++# Notes.: the local IP address of the network interface
++# Values: IP
++#
++localhost = 127.0.0.1
diff --git a/security/py-fail2ban/files/patch-bsd-sshd.conf b/security/py-fail2ban/files/patch-bsd-sshd.conf
new file mode 100644
index 00000000000..d39ef67f1ca
--- /dev/null
+++ b/security/py-fail2ban/files/patch-bsd-sshd.conf
@@ -0,0 +1,43 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/filter.d/bsd-sshd.conf 2010-01-12 16:26:22.000000000 -0500
+@@ -0,0 +1,40 @@
++# Fail2Ban configuration file
++#
++# Author: Cyril Jaquier
++#
++# $Revision: 663 $
++#
++
++[INCLUDES]
++
++# Read common prefixes. If any customizations available -- read them from
++# common.local
++before = common.conf
++
++
++[Definition]
++
++_daemon = sshd
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile. The
++# host must be matched by a group named "host". The tag "<HOST>" can
++# be used for standard IP/hostname matching and is only an alias for
++# (?:::f{4,6}:)?(?P<host>\S+)
++# Values: TEXT
++#
++failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication (?:failure|error) for .* from <HOST>\s*$
++ ^%(__prefix_line)sDid not receive identification string from <HOST>$
++ ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
++ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
++ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
++ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
++ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$
++
++# Option: ignoreregex
++# Notes.: regex to ignore. If this regex matches, the line is ignored.
++# Values: TEXT
++#
++ignoreregex =
diff --git a/security/py-fail2ban/files/patch-bsdftp.conf b/security/py-fail2ban/files/patch-bsdftp.conf
new file mode 100644
index 00000000000..65be3212fb7
--- /dev/null
+++ b/security/py-fail2ban/files/patch-bsdftp.conf
@@ -0,0 +1,43 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/filter.d/bsdftp.conf 2010-01-12 16:26:27.000000000 -0500
+@@ -0,0 +1,40 @@
++# Fail2Ban configuration file
++#
++# Author: Ken Menzel
++#
++#
++
++[INCLUDES]
++
++# Read common prefixes. If any customizations available -- read them from
++# common.local
++before = common.conf
++
++
++[Definition]
++
++_daemon = ftpd
++#
++#
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile. The
++# host must be matched by a group named "host". The tag "<HOST>" can
++# be used for standard IP/hostname matching and is only an alias for
++# (?:::f{4,6}:)?(?P<host>\S+)
++# Values: TEXT
++#
++failregex = ^%(__prefix_line)sFTP LOGIN FAILED FROM <HOST>,\s*.*$
++
++
++# \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
++# \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
++# \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
++# \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
++
++# May 28 15:11:53 freebsd4 ftpd[26191]: FTP LOGIN FAILED FROM freebsd4, dsf
++#
++# Option: ignoreregex
++# Notes.: regex to ignore. If this regex matches, the line is ignored.
++# Values: TEXT
++#
++ignoreregex =
diff --git a/security/py-fail2ban/files/patch-config__filter.d__sshd.conf b/security/py-fail2ban/files/patch-config__filter.d__sshd.conf
deleted file mode 100644
index aae819436ec..00000000000
--- a/security/py-fail2ban/files/patch-config__filter.d__sshd.conf
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./config/filter.d/sshd.conf.orig 2009-07-22 11:52:29.236981029 -0400
-+++ ./config/filter.d/sshd.conf 2009-07-22 11:52:42.853934580 -0400
-@@ -23,7 +23,7 @@
- # (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
--failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
-+failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication failure for .* from <HOST>\s*$
- ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
- ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
- ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
diff --git a/security/py-fail2ban/pkg-plist b/security/py-fail2ban/pkg-plist
index 03b66c11c33..c73ef9e2ab2 100644
--- a/security/py-fail2ban/pkg-plist
+++ b/security/py-fail2ban/pkg-plist
@@ -73,6 +73,8 @@ bin/fail2ban-regex
%%PYTHON_SITELIBDIR%%/server/faildata.pyc
%%ETCDIR%%/fail2ban.conf
%%ETCDIR%%/jail.conf
+%%ETCDIR%%/filter.d/bsd-sshd.conf
+%%ETCDIR%%/filter.d/bsdftp.conf
%%ETCDIR%%/filter.d/vsftpd.conf
%%ETCDIR%%/filter.d/gssftpd.conf
%%ETCDIR%%/filter.d/proftpd.conf
@@ -111,6 +113,7 @@ bin/fail2ban-regex
%%ETCDIR%%/action.d/hostsdeny.conf
%%ETCDIR%%/action.d/iptables.conf
%%ETCDIR%%/action.d/sendmail-whois.conf
+%%ETCDIR%%/action.d/bsd-ipfw.conf
@dirrm %%ETCDIR%%/filter.d
@dirrm %%ETCDIR%%/action.d
@dirrm %%ETCDIR%%
--
cgit