From owner-freebsd-ports-bugs@FreeBSD.ORG Wed May 25 14:00:21 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 395651065672 for ; Wed, 25 May 2011 14:00:21 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0C2878FC21 for ; Wed, 25 May 2011 14:00:21 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p4PE0Kg4016840 for ; Wed, 25 May 2011 14:00:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p4PE0KLI016832; Wed, 25 May 2011 14:00:20 GMT (envelope-from gnats) Resent-Date: Wed, 25 May 2011 14:00:20 GMT Resent-Message-Id: <201105251400.p4PE0KLI016832@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Nick Hilliard Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F3BE0106564A for ; Wed, 25 May 2011 13:54:36 +0000 (UTC) (envelope-from nick@muffin.acquirer.com) Received: from muffin.acquirer.com (unknown [IPv6:2001:1bb8:2004:150::2]) by mx1.freebsd.org (Postfix) with ESMTP id 6D8488FC0C for ; Wed, 25 May 2011 13:54:36 +0000 (UTC) Received: from muffin.acquirer.com (localhost [127.0.0.1]) by muffin.acquirer.com (8.14.3/8.14.3) with ESMTP id p4PDsWih022362; Wed, 25 May 2011 14:54:32 +0100 (IST) (envelope-from nick@muffin.acquirer.com) Received: (from nick@localhost) by muffin.acquirer.com (8.14.3/8.13.8/Submit) id p4PDsWOD056923; Wed, 25 May 2011 14:54:32 +0100 (IST) (envelope-from nick) Message-Id: <201105251354.p4PDsWOD056923@muffin.acquirer.com> Date: Wed, 25 May 2011 14:54:32 +0100 (IST) From: Nick Hilliard To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/157318: bugfix and feature addition for security/py-fail2ban X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Nick Hilliard List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 May 2011 14:00:21 -0000 >Number: 157318 >Category: ports >Synopsis: bugfix and feature addition for security/py-fail2ban >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed May 25 14:00:20 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Nick Hilliard >Release: FreeBSD 7.2-RELEASE i386 >Organization: Network Ability Ltd >Environment: System: FreeBSD 7.2-RELEASE >Description: 1. fail2ban does not include an action.d configuration file for openbsd pf. This patch adds support for this. 2. fail2ban fails to scan syslogd entries when the "-v" or "-vv" syslogd command-line parameter is used. I've attached a patch to common.conf to fix this problem (see https://sourceforge.net/tracker/?func=detail&aid=3307502&group_id=121032&atid=689044). >How-To-Repeat: >Fix: diff -bNur py-fail2ban.orig/files/patch-common.conf py-fail2ban/files/patch-common.conf --- py-fail2ban.orig/files/patch-common.conf 1970-01-01 01:00:00.000000000 +0100 +++ py-fail2ban/files/patch-common.conf 2011-05-25 14:37:49.000000000 +0100 @@ -0,0 +1,17 @@ +--- config/filter.d/common.conf.orig 2011-05-25 14:25:33.000000000 +0100 ++++ config/filter.d/common.conf 2011-05-25 14:25:42.000000000 +0100 +@@ -32,10 +32,13 @@ + # EXAMPLES: sshd[31607], pop(pam_unix)[4920] + __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) + ++# Logging facility and priority for BSD "-v" verbose mode ++__bsd_verbose_mode = (?:\s*\<\S+\.\S+\>\s*) ++ + # + # Common line prefixes (beginnings) which could be used in filters + # + # [hostname] [vserver tag] daemon_id spaces + # this can be optional (for instance if we match named native log files) +-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* ++__prefix_line = \s*%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* + diff -bNur py-fail2ban.orig/files/patch-pf.conf py-fail2ban/files/patch-pf.conf --- py-fail2ban.orig/files/patch-pf.conf 1970-01-01 01:00:00.000000000 +0100 +++ py-fail2ban/files/patch-pf.conf 2011-05-25 14:41:26.000000000 +0100 @@ -0,0 +1,59 @@ +--- /dev/null 2010-01-12 16:33:00.000000000 -0500 ++++ ./config/action.d/pf.conf 2010-01-12 16:26:51.000000000 -0500 +@@ -0,0 +1,56 @@ ++# Fail2Ban configuration file ++# ++# OpenBSD pf ban/unban ++# ++# Author: Nick Hilliard ++# ++# ++ ++[Definition] ++ ++# Option: actionstart ++# Notes.: command executed once at the start of Fail2Ban. ++# Values: CMD ++# ++# we don't enable PF automatically, as it will be enabled elsewhere ++actionstart = ++ ++ ++# Option: actionstop ++# Notes.: command executed once at the end of Fail2Ban ++# Values: CMD ++# ++# we don't disable PF automatically either ++actionstop = ++ ++ ++# Option: actioncheck ++# Notes.: command executed once before each actionban command ++# Values: CMD ++# ++actioncheck = ++ ++ ++# Option: actionban ++# Notes.: command executed when banning an IP. Take care that the ++# command is executed with Fail2Ban user rights. ++# Tags: IP address ++# number of failures ++#