Date: Mon, 12 Oct 2009 17:52:52 +0400 (MSD)
From: Dmitry Morozovsky <marck@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: amdmi3@FreeBSD.org
Subject: ports/139545: security/bruteblock fix for current ssh patterns
Message-ID: <200910121352.n9CDqqMa024118@woozle.rinet.ru>
Resent-Message-ID: <200910121400.n9CE08vu094925@freefall.freebsd.org>
>Number: 139545 >Category: ports >Synopsis: security/bruteblock fix for current ssh patterns >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Oct 12 14:00:07 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Dmitry Morozovsky >Release: FreeBSD 7-STABLE i386 >Organization: Cronyx Plus LLC (RiNet ISP) >Environment: System: FreeBSD 7-STABLE >Description: Default sshd failure patterns are obsolete. >How-To-Repeat: >Fix: Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/bruteblock/Makefile,v retrieving revision 1.9 diff -u -r1.9 Makefile --- Makefile 28 Jul 2009 16:34:35 -0000 1.9 +++ Makefile 12 Oct 2009 13:50:28 -0000 @@ -7,7 +7,7 @@ PORTNAME= bruteblock PORTVERSION= 0.0.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://samm.kiev.ua/bruteblock/ \ http://mirror.amdmi3.ru/distfiles/ Index: files/patch-etc_ssh.conf =================================================================== RCS file: files/patch-etc_ssh.conf diff -N files/patch-etc_ssh.conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-etc_ssh.conf 12 Oct 2009 13:50:28 -0000 
@@ -0,0 +1,39 @@ + +$FreeBSD$ + +--- /dev/null ++++ etc/ssh.conf +@@ -0,0 +1,33 @@ ++# Sample configuration file for the OpenSSH daemon ++ ++# regexp rule. Please rember that you MUST specify only one match for ++# ip address to block ++# ++# this regexp for the OpenSSH server matches lines like: ++# ++# comment: auth via key only ++#sshd[72593]: Illegal user hacker from 1.2.3.4 ++# ++# comment: pwd auth, but no such user ++#sshd[72593]: Failed password for illegal user sammmm from 1.2.3.4 ++# ++# comment: correct user, but wrong password ++#sshd[72626]: Failed password for samm from 1.2.3.4 ++# ++regexp = sshd.*Invalid user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ++regexp1 = sshd.*Failed (password|keyboard-interactive/pam) for (?:invalid user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ++ ++# Number of failed login attempts within time before we block ++max_count = 4 ++ ++# Time in seconds in which all failed login attempts must occur ++within_time = 60 ++ ++# Time in seconds to block ip in firewall ++ ++# 10 minutes ++reset_ip = 600 ++ ++# IPFW table number to add "bad" hosts ++ipfw2_table_no = 1 ++ >Release-Note: >Audit-Trail: >Unformatted:
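Review bot: In the etc/ssh.conf hunk, regexp1 opens a capturing group with (password|keyboard-interactive/pam) ahead of the address group, which conflicts with the file's own header comment that a rule must specify only one match, the IP address to block. The same line already uses a non-capturing group for (?:invalid user )?, so write the alternation the same way, (?:password|keyboard-interactive/pam), leaving the address as the only capture. The sample log lines in the comments also still show the old "Illegal user" and "illegal user" wording while the two rules now match "Invalid user" and "invalid user"; update the samples so they document what the patterns actually match, and fix the "rember" typo in the header comment while there.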