Date: Mon, 17 Dec 2012 18:44:26 +0000 (UTC) From: Wesley Shields <wxs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r309119 - in head/security/py-fail2ban: . files Message-ID: <201212171844.qBHIiQvs042910@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: wxs Date: Mon Dec 17 18:44:26 2012 New Revision: 309119 URL: http://svnweb.freebsd.org/changeset/ports/309119 Log: Minor enhancements: 1) Add a fix for https://github.com/fail2ban/fail2ban/issues/91 (Spurious UTF8 in SYSLOG is not fully fixed) 2) Add a filter for sendmail, the default mailer on FreeBSD 3) Make the ipfw table used in the action bsd-ipfw configurable PR: ports/173956 Submitted by: Christoph Theis <theis@gmx.at> (maintainer) Added: head/security/py-fail2ban/files/patch-actions.py (contents, props changed) head/security/py-fail2ban/files/patch-bsd-sendmail.conf (contents, props changed) Modified: head/security/py-fail2ban/Makefile head/security/py-fail2ban/files/patch-bsd-ipfw.conf (contents, props changed) head/security/py-fail2ban/pkg-plist Modified: head/security/py-fail2ban/Makefile ============================================================================== --- head/security/py-fail2ban/Makefile Mon Dec 17 18:39:39 2012 (r309118) +++ head/security/py-fail2ban/Makefile Mon Dec 17 18:44:26 2012 (r309119) @@ -3,6 +3,7 @@ PORTNAME= fail2ban PORTVERSION= 0.8.7.1 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} Added: head/security/py-fail2ban/files/patch-actions.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-fail2ban/files/patch-actions.py Mon Dec 17 18:44:26 2012 (r309119) @@ -0,0 +1,5 @@ +--- server/actions.py.orig 2012-11-27 18:16:18.000000000 +0100 ++++ server/actions.py 2012-11-27 18:17:04.000000000 +0100 +@@ -206 +206 @@ +- logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"])) ++ logSys.warn("[%s] Unban %s" % (self.jail.getName(), str(aInfo["ip"]))) Modified: head/security/py-fail2ban/files/patch-bsd-ipfw.conf ============================================================================== --- head/security/py-fail2ban/files/patch-bsd-ipfw.conf Mon Dec 17 18:39:39 2012 (r309118) +++ head/security/py-fail2ban/files/patch-bsd-ipfw.conf Mon Dec 17 18:44:26 2012 (r309119) @@ -1,6 +1,6 @@ ---- /dev/null 2010-01-12 16:33:00.000000000 -0500 -+++ ./config/action.d/bsd-ipfw.conf 2010-01-12 16:26:51.000000000 -0500 -@@ -0,0 +1,65 @@ +--- /dev/null 2012-11-27 18:04:17.000000000 +0100 ++++ config/action.d/bsd-ipfw.conf 2012-11-27 18:06:29.000000000 +0100 +@@ -0,0 +1,72 @@ +# Fail2Ban configuration file +# +# Author: Nick Munger @@ -36,10 +36,11 @@ +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time ++# <table> ipfw table to use +# Values: CMD +# +# requires an ipfw rule like "deny ip from table(1) to me" -+actionban = ipfw table 1 add <ip> ++actionban = ipfw table <table> add <ip> + + +# Option: actionunban @@ -48,9 +49,10 @@ +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time ++# <table> ipfw table to use +# Values: CMD +# -+actionunban = ipfw table 1 delete <ip> ++actionunban = ipfw table <table> delete <ip> + +[Init] + @@ -66,3 +68,8 @@ +# Values: IP +# +localhost = 127.0.0.1 ++ ++# Option: table ++# Notes: the ipfw table to use ++# Values: NUM ++table = 1 Added: head/security/py-fail2ban/files/patch-bsd-sendmail.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-fail2ban/files/patch-bsd-sendmail.conf Mon Dec 17 18:44:26 2012 (r309119) @@ -0,0 +1,38 @@ +--- /dev/null 2012-11-27 18:33:00.000000000 +0100 ++++ config/filter.d/bsd-sendmail.conf 2012-11-27 18:32:47.000000000 +0100 +@@ -0,0 +1,35 @@ ++# Fail2Ban configuration file ++# ++# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail ++# Contributors: Gutza, the SASL regex ++# ++# $Revision$ ++ ++[INCLUDES] ++ ++# Read common prefixes. If any customizations available -- read them from ++# common.local ++before = common.conf ++ ++[Definition] ++ ++# Option: failregex ++# Notes.: regex to match the password failures messages in the logfile. ++# The host must be matched by a group named "host". ++# The tag "<HOST>" can be used for standard IP/hostname matching ++# and is only an alias for (':::f{4,6}:)?(?P<host>\S+) ++# Values: TEXT ++ ++failregex = \[<HOST>\] .*to MTA ++# \[<HOST>\] \(may be forged\) ++ \[<HOST>\], reject.*\.\.\. Relaying denied ++ (User unknown)\n* \[<HOST>\] ++ badlogin: .* \[<HOST>\] plaintext .* SASL ++ \[<HOST>\]: possible SMTP attack: ++ ++# Option: ignoreregex ++# Notes.: regex to ignore. If this regex matces, the line is ignored. ++# Values: TEXT ++ ++ignoreregex = ++ \ No newline at end of file Modified: head/security/py-fail2ban/pkg-plist ============================================================================== --- head/security/py-fail2ban/pkg-plist Mon Dec 17 18:39:39 2012 (r309118) +++ head/security/py-fail2ban/pkg-plist Mon Dec 17 18:44:26 2012 (r309119) @@ -29,6 +29,7 @@ %%ETCDIR%%/filter.d/apache-noscript.conf %%ETCDIR%%/filter.d/apache-overflows.conf %%ETCDIR%%/filter.d/asterisk.conf +%%ETCDIR%%/filter.d/bsd-sendmail.conf %%ETCDIR%%/filter.d/bsd-sshd.conf %%ETCDIR%%/filter.d/bsdftp.conf %%ETCDIR%%/filter.d/common.conf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212171844.qBHIiQvs042910>