Date: Tue, 27 Nov 2012 19:05:37 GMT
From: Christoph Theis <theis@gmx.at>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/173956: [maintainer-update] fail2ban: minor fixes and enhancements
Message-ID: <201211271905.qARJ5b5X094418@red.freebsd.org>
Resent-Message-ID: <201211271910.qARJA0ES079304@freefall.freebsd.org>
>Number: 173956
>Category: ports
>Synopsis: [maintainer-update] fail2ban: minor fixes and enhancements
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 27 19:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Christoph Theis
>Release:
>Organization:
>Environment:
>Description:
Add some minor fixes and enhancements to current fail2ban:
1) Add a fix for https://github.com/fail2ban/fail2ban/issues/91 (Spurious UTF8 in SYSLOG is not fully fixed)
2) Add a filter for sendmail, the default mailer on FreeBSD
3) Make the ipfw table used in the action bsd-ipfw configurable

Many thanks to Andrey Chernov for submitting me the patches

The diff was created with svn. I hope it is in the right format.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

Index: Makefile =================================================================== --- Makefile (revision 307858) +++ Makefile (working copy) @@ -3,6 +3,7 @@ PORTNAME= fail2ban PORTVERSION= 0.8.7.1 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} Index: files/patch-actions.py =================================================================== --- files/patch-actions.py (revision 0) +++ files/patch-actions.py (working copy) @@ -0,0 +1,5 @@ +--- server/actions.py.orig 2012-11-27 18:16:18.000000000 +0100 ++++ server/actions.py 2012-11-27 18:17:04.000000000 +0100 +@@ -206 +206 @@ +- logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"])) ++ logSys.warn("[%s] Unban %s" % (self.jail.getName(), str(aInfo["ip"]))) Index: files/patch-bsd-ipfw.conf =================================================================== --- files/patch-bsd-ipfw.conf (revision 307858) +++ files/patch-bsd-ipfw.conf (working copy)
@@ -1,6 +1,6 @@ ---- /dev/null 2010-01-12 16:33:00.000000000 -0500 -+++ ./config/action.d/bsd-ipfw.conf 2010-01-12 16:26:51.000000000 -0500 -@@ -0,0 +1,65 @@ +--- /dev/null 2012-11-27 18:04:17.000000000 +0100 ++++ config/action.d/bsd-ipfw.conf 2012-11-27 18:06:29.000000000 +0100 +@@ -0,0 +1,72 @@ +# Fail2Ban configuration file +# +# Author: Nick Munger @@ -36,10 +36,11 @@ +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time ++# <table> ipfw table to use +# Values: CMD +# +# requires an ipfw rule like "deny ip from table(1) to me" -+actionban = ipfw table 1 add <ip> ++actionban = ipfw table <table> add <ip> + + +# Option: actionunban @@ -48,9 +49,10 @@ +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time ++# <table> ipfw table to use +# Values: CMD +# -+actionunban = ipfw table 1 delete <ip> ++actionunban = ipfw table <table> delete <ip> + +[Init] + @@ -66,3 +68,8 @@ +# Values: IP +# +localhost = 127.0.0.1 ++ ++# Option: table ++# Notes: the ipfw table to use ++# Values: NUM ++table = 1 Index: files/patch-bsd-sendmail.conf =================================================================== --- files/patch-bsd-sendmail.conf (revision 0) +++ files/patch-bsd-sendmail.conf (working copy) 
@@ -0,0 +1,38 @@ +--- /dev/null 2012-11-27 18:33:00.000000000 +0100 ++++ config/filter.d/bsd-sendmail.conf 2012-11-27 18:32:47.000000000 +0100 +@@ -0,0 +1,35 @@ ++# Fail2Ban configuration file ++# ++# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail ++# Contributors: Gutza, the SASL regex ++# ++# $Revision$ ++ ++[INCLUDES] ++ ++# Read common prefixes. If any customizations available -- read them from ++# common.local ++before = common.conf ++ ++[Definition] ++ ++# Option: failregex ++# Notes.: regex to match the password failures messages in the logfile. ++# The host must be matched by a group named "host". ++# The tag "<HOST>" can be used for standard IP/hostname matching ++# and is only an alias for (':::f{4,6}:)?(?P<host>\S+) ++# Values: TEXT ++ ++failregex = \[<HOST>\] .*to MTA ++# \[<HOST>\] \(may be forged\) ++ \[<HOST>\], reject.*\.\.\. Relaying denied ++ (User unknown)\n* \[<HOST>\] ++ badlogin: .* \[<HOST>\] plaintext .* SASL ++ \[<HOST>\]: possible SMTP attack: ++ ++# Option: ignoreregex ++# Notes.: regex to ignore. If this regex matces, the line is ignored. ++# Values: TEXT ++ ++ignoreregex = ++ >Release-Note: >Audit-Trail: >Unformatted:
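Review bot: in files/patch-actions.py the inner hunk "@@ -206 +206 @@" carries no context lines, so patch(1) has nothing but the removed line itself to locate the change in server/actions.py; regenerate it as a unified diff with the usual three lines of context. The str() wrapper is also applied only to the "Unban" message: if the corresponding ban message formats aInfo["ip"] the same way it needs the same change, and since str() on a Python 2 unicode value containing non-ASCII characters raises UnicodeEncodeError, please confirm what type aInfo["ip"] can have at this point.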
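Review bot: in files/patch-bsd-ipfw.conf the comment above actionban still says 'requires an ipfw rule like "deny ip from table(1) to me"' although the command is now "ipfw table <table> add <ip>". Someone who sets table to another number and follows that comment ends up with addresses in a table that no rule references, so nothing is blocked. Reword the comment so the rule refers to the same number as the table option in [Init], and mention next to "table = 1" that the firewall rule has to be changed along with it.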
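Review bot: none of the failregex alternatives in config/filter.d/bsd-sendmail.conf is anchored, and two of them surround the host with wildcards ("\[<HOST>\] .*to MTA" and "badlogin: .* \[<HOST>\] plaintext .* SASL"), so <HOST> is taken from the first bracketed token that fits anywhere in the line rather than from the relay field sendmail writes. Parts of a mail log line come from the remote client, so each alternative should be tied to the fixed sendmail message text next to the relay address, and anchored where the common.conf prefix allows, to keep the filter from banning an address other than the connecting one. The group in "(User unknown)" is never referenced and can be written without parentheses.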