From owner-svn-ports-all@FreeBSD.ORG Tue Mar 24 02:11:27 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E37AE579; Tue, 24 Mar 2015 02:11:27 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CD403222; Tue, 24 Mar 2015 02:11:27 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t2O2BR4c051393; Tue, 24 Mar 2015 02:11:27 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t2O2BQLW051387; Tue, 24 Mar 2015 02:11:26 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201503240211.t2O2BQLW051387@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Tue, 24 Mar 2015 02:11:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r382063 - in head/security/sshguard: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Mar 2015 02:11:28 -0000 Author: feld Date: Tue Mar 24 02:11:26 2015 New Revision: 382063 URL: https://svnweb.freebsd.org/changeset/ports/382063 QAT: https://qat.redports.org/buildarchive/r382063/ Log: Enable matching of syslog entries with PR: 197854 Modified: head/security/sshguard/Makefile head/security/sshguard/files/patch-src-parser-attack_scanner.l head/security/sshguard/files/patch-src-sshguard.c Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Tue Mar 24 02:05:47 2015 (r382062) +++ head/security/sshguard/Makefile Tue Mar 24 02:11:26 2015 (r382063) @@ -3,7 +3,7 @@ PORTNAME= sshguard PORTVERSION= 1.5 -PORTREVISION= 10 +PORTREVISION= 11 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION} Modified: head/security/sshguard/files/patch-src-parser-attack_scanner.l ============================================================================== --- head/security/sshguard/files/patch-src-parser-attack_scanner.l Tue Mar 24 02:05:47 2015 (r382062) +++ head/security/sshguard/files/patch-src-parser-attack_scanner.l Tue Mar 24 02:11:26 2015 (r382063) @@ -1,20 +1,26 @@ ---- src/parser/attack_scanner.l.orig 2011-02-09 12:01:47 UTC +--- src/parser/attack_scanner.l.orig 2015-03-24 02:08:55 UTC +++ src/parser/attack_scanner.l -@@ -127,7 +127,7 @@ IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0 +@@ -78,6 +78,7 @@ MINPS [0-5][0-9] + WORD [a-zA-Z0-9][-_a-zA-Z0-9]+ + NUMBER [1-9][0-9]* + HOSTADDR localhost|([-a-zA-Z0-9]+\.)+[a-zA-Z]+ ++FACLEVEL (<[a-zA-Z0-9]+\.[a-zA-Z0-9]+>) + TIMESTAMP_SYSLOG {MONTH}\ +{DAYNO}\ +{HOUR}:{MINPS}:{MINPS} + TIMESTAMP_TAI64 [0-9A-Fa-f]{24} +@@ -107,13 +108,13 @@ IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0 + */ - /* SSH: invalid or rejected user (cross platform [generated by openssh]) */ --"Invalid user ".+" from " { return SSH_INVALUSERPREF; } -+[Ii]"nvalid user ".+" from " { return SSH_INVALUSERPREF; } - /* match disallowed user (not in AllowUsers/AllowGroups or in DenyUsers/DenyGroups) on Linux Ubuntu/FreeBSD */ - /* "User tinydns from 1.2.3.4 not allowed because not listed in AllowUsers" */ - "User ".+" from " { BEGIN(ssh_notallowed); return SSH_NOTALLOWEDPREF; } -@@ -175,7 +175,7 @@ IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0 + /* handle entries with PID and without PID from processes other than sshguard */ +-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? { ++{TIMESTAMP_SYSLOG}[ ]+{FACLEVEL}?[ ]*([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? { + /* extract PID */ + yylval.num = getsyslogpid(yytext, yyleng); + return SYSLOG_BANNER_PID; + } - /* cyrus-imap login error */ - "badlogin: "[^\[]*"[" { BEGIN(cyrusimap_loginerr); return CYRUSIMAP_SASL_LOGINERR_PREF; } --"] ".*"SASL".*"checkpass failed" { BEGIN(INITIAL); return CYRUSIMAP_SASL_LOGINERR_SUFF; } -+"] ".*"SASL".*"failed".?$ { BEGIN(INITIAL); return CYRUSIMAP_SASL_LOGINERR_SUFF; } +-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+({PROCESSNAME}":")? { return SYSLOG_BANNER; } ++{TIMESTAMP_SYSLOG}[ ]+{FACLEVEL}?[ ]*([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+({PROCESSNAME}":")? { return SYSLOG_BANNER; } - /* FreeBSD's ftpd login errors */ - "FTP LOGIN FAILED FROM " { BEGIN(freebsdftpd_loginerr); return FREEBSDFTPD_LOGINERR_PREF; } + /* syslog style "last message repeated N times" */ + "last message repeated "([1-9][0-9]*)" times" { Modified: head/security/sshguard/files/patch-src-sshguard.c ============================================================================== --- head/security/sshguard/files/patch-src-sshguard.c Tue Mar 24 02:05:47 2015 (r382062) +++ head/security/sshguard/files/patch-src-sshguard.c Tue Mar 24 02:11:26 2015 (r382063) @@ -1,6 +1,6 @@ ---- src/sshguard.c.orig 2010-08-09 08:44:15.000000000 +0200 -+++ src/sshguard.c 2011-03-28 11:42:42.000000000 +0200 -@@ -566,9 +566,13 @@ +--- src/sshguard.c.orig 2011-02-09 12:01:47 UTC ++++ src/sshguard.c +@@ -567,9 +567,13 @@ static void process_blacklisted_addresse /* terminate array list */ addresses[i] = NULL; /* do block addresses of this kind */ @@ -17,5 +17,3 @@ } /* free temporary arrays */ free(addresses); - -