Date: Wed, 25 May 2011 14:54:32 +0100 (IST)
From: Nick Hilliard <nick@foobar.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/157318: bugfix and feature addition for security/py-fail2ban
Message-ID: <201105251354.p4PDsWOD056923@muffin.acquirer.com>
Resent-Message-ID: <201105251400.p4PE0KLI016832@freefall.freebsd.org>
>Number: 157318
>Category: ports
>Synopsis: bugfix and feature addition for security/py-fail2ban
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed May 25 14:00:20 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Nick Hilliard
>Release: FreeBSD 7.2-RELEASE i386
>Organization: Network Ability Ltd
>Environment: System: FreeBSD 7.2-RELEASE
>Description:
1. fail2ban does not include an action.d configuration file for openbsd pf. This patch adds support for this.
2. fail2ban fails to scan syslogd entries when the "-v" or "-vv" syslogd command-line parameter is used. I've attached a patch to common.conf to fix this problem (see https://sourceforge.net/tracker/?func=detail&aid=3307502&group_id=121032&atid=689044).
>How-To-Repeat:
>Fix: diff -bNur py-fail2ban.orig/files/patch-common.conf py-fail2ban/files/patch-common.conf --- py-fail2ban.orig/files/patch-common.conf 1970-01-01 01:00:00.000000000 +0100 +++ py-fail2ban/files/patch-common.conf 2011-05-25 14:37:49.000000000 +0100 
@@ -0,0 +1,17 @@ +--- config/filter.d/common.conf.orig 2011-05-25 14:25:33.000000000 +0100 ++++ config/filter.d/common.conf 2011-05-25 14:25:42.000000000 +0100 +@@ -32,10 +32,13 @@ + # EXAMPLES: sshd[31607], pop(pam_unix)[4920] + __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) + ++# Logging facility and priority for BSD "-v" verbose mode ++__bsd_verbose_mode = (?:\s*\<\S+\.\S+\>\s*) ++ + # + # Common line prefixes (beginnings) which could be used in filters + # + # [hostname] [vserver tag] daemon_id spaces + # this can be optional (for instance if we match named native log files) +-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* ++__prefix_line = \s*%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* + diff -bNur py-fail2ban.orig/files/patch-pf.conf py-fail2ban/files/patch-pf.conf --- py-fail2ban.orig/files/patch-pf.conf 1970-01-01 01:00:00.000000000 +0100 +++ py-fail2ban/files/patch-pf.conf 2011-05-25 14:41:26.000000000 +0100 
@@ -0,0 +1,59 @@ +--- /dev/null 2010-01-12 16:33:00.000000000 -0500 ++++ ./config/action.d/pf.conf 2010-01-12 16:26:51.000000000 -0500 +@@ -0,0 +1,56 @@ ++# Fail2Ban configuration file ++# ++# OpenBSD pf ban/unban ++# ++# Author: Nick Hilliard <nick@foobar.org> ++# ++# ++ ++[Definition] ++ ++# Option: actionstart ++# Notes.: command executed once at the start of Fail2Ban. ++# Values: CMD ++# ++# we don't enable PF automatically, as it will be enabled elsewhere ++actionstart = ++ ++ ++# Option: actionstop ++# Notes.: command executed once at the end of Fail2Ban ++# Values: CMD ++# ++# we don't disable PF automatically either ++actionstop = ++ ++ ++# Option: actioncheck ++# Notes.: command executed once before each actionban command ++# Values: CMD ++# ++actioncheck = ++ ++ ++# Option: actionban ++# Notes.: command executed when banning an IP. Take care that the ++# command is executed with Fail2Ban user rights. ++# Tags: <ip> IP address ++# <failures> number of failures ++# <time> unix timestamp of the ban time ++# Values: CMD ++# ++actionban = /sbin/pfctl -t fail2ban -T add <ip>/32 ++ ++ ++# Option: actionunban ++# Notes.: command executed when unbanning an IP. Take care that the ++# command is executed with Fail2Ban user rights. ++# Tags: <ip> IP address ++# <failures> number of failures ++# <time> unix timestamp of the ban time ++# Values: CMD ++# ++# note -r option used to remove matching rule ++actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32 ++ ++[Init] >Release-Note: >Audit-Trail: >Unformatted:
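Review bot: in the patch-common.conf hunk, the new `__prefix_line` inserts `%(__bsd_verbose_mode)s` with no `?` after it, so the `<facility.priority>` tag becomes mandatory and lines written by a syslogd running without "-v" would no longer match any filter built on `__prefix_line`. Suggest making the group optional, i.e. `\s*%(__bsd_verbose_mode)s?(?:\S+ )?` at the start of the expression, so both verbose and non-verbose log formats are still scanned. The `\<` and `\>` escapes in `__bsd_verbose_mode` are not needed; plain `<` and `>` match the same text.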
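Review bot: in the new config/action.d/pf.conf, `actionban` only adds the address to table `fail2ban`, and with `actionstart` and `actioncheck` both left empty nothing in the file states that the pf ruleset must already contain a rule referencing that table; without such a rule the ban command succeeds but blocks nothing. Suggest documenting that prerequisite in the header comment next to "we don't enable PF automatically". The comment above `actionunban` ("note -r option used to remove matching rule") does not match the command, which uses `-T delete`, and should be corrected or dropped. The table name is hard-coded in both commands while `[Init]` is empty; a default such as a `tablename` option there (name is only a suggestion) would let a jail override it.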