ports/157318: bugfix and feature addition for security/py-fail2ban
Nick Hilliard
nick at foobar.org
Wed May 25 14:00:21 UTC 2011
>Number: 157318
>Category: ports
>Synopsis: bugfix and feature addition for security/py-fail2ban
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed May 25 14:00:20 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Nick Hilliard
>Release: FreeBSD 7.2-RELEASE i386
>Organization:
Network Ability Ltd
>Environment:
System: FreeBSD 7.2-RELEASE
>Description:
1. fail2ban does not include an action.d configuration file for OpenBSD pf.
This patch adds support for this.
2. fail2ban fails to scan syslogd entries when the "-v" or "-vv" syslogd
command-line parameter is used. I've attached a patch to common.conf to fix
this problem (see https://sourceforge.net/tracker/?func=detail&aid=3307502&group_id=121032&atid=689044).
>How-To-Repeat:
>Fix:
diff -bNur py-fail2ban.orig/files/patch-common.conf py-fail2ban/files/patch-common.conf
--- py-fail2ban.orig/files/patch-common.conf 1970-01-01 01:00:00.000000000 +0100
+++ py-fail2ban/files/patch-common.conf 2011-05-25 14:37:49.000000000 +0100
@@ -0,0 +1,17 @@
+--- config/filter.d/common.conf.orig 2011-05-25 14:25:33.000000000 +0100
++++ config/filter.d/common.conf 2011-05-25 14:25:42.000000000 +0100
+@@ -32,10 +32,13 @@
+ # EXAMPLES: sshd[31607], pop(pam_unix)[4920]
+ __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+
++# Logging facility and priority for BSD "-v" verbose mode
++__bsd_verbose_mode = (?:\s*\<\S+\.\S+\>\s*)
++
+ #
+ # Common line prefixes (beginnings) which could be used in filters
+ #
+ # [hostname] [vserver tag] daemon_id spaces
+ # this can be optional (for instance if we match named native log files)
+-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
++__prefix_line = \s*%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+
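Review bot: In the new `__prefix_line`, `%(__bsd_verbose_mode)s` is inserted without a trailing `?`, and the group `(?:\s*\<\S+\.\S+\>\s*)` carries no quantifier of its own, so the `<facility.priority>` tag becomes a required part of the prefix. Lines written by a syslogd that is not running with -v or -vv would then no longer satisfy this prefix. Suggest `%(__bsd_verbose_mode)s?` at the point of use so both log formats match. `\S+\.\S+` is also looser than the tag needs; a class that excludes `>` and whitespace would keep the match inside a single bracketed token. The new comment could carry an example tag, in the same way the `__daemon_combs_re` comment has its EXAMPLES line.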
diff -bNur py-fail2ban.orig/files/patch-pf.conf py-fail2ban/files/patch-pf.conf
--- py-fail2ban.orig/files/patch-pf.conf 1970-01-01 01:00:00.000000000 +0100
+++ py-fail2ban/files/patch-pf.conf 2011-05-25 14:41:26.000000000 +0100
@@ -0,0 +1,59 @@
+--- /dev/null 2010-01-12 16:33:00.000000000 -0500
++++ ./config/action.d/pf.conf 2010-01-12 16:26:51.000000000 -0500
+@@ -0,0 +1,56 @@
++# Fail2Ban configuration file
++#
++# OpenBSD pf ban/unban
++#
++# Author: Nick Hilliard <nick at foobar.org>
++#
++#
++
++[Definition]
++
++# Option: actionstart
++# Notes.: command executed once at the start of Fail2Ban.
++# Values: CMD
++#
++# we don't enable PF automatically, as it will be enabled elsewhere
++actionstart =
++
++
++# Option: actionstop
++# Notes.: command executed once at the end of Fail2Ban
++# Values: CMD
++#
++# we don't disable PF automatically either
++actionstop =
++
++
++# Option: actioncheck
++# Notes.: command executed once before each actionban command
++# Values: CMD
++#
++actioncheck =
++
++
++# Option: actionban
++# Notes.: command executed when banning an IP. Take care that the
++# command is executed with Fail2Ban user rights.
++# Tags: <ip> IP address
++# <failures> number of failures
++# <time> unix timestamp of the ban time
++# Values: CMD
++#
++actionban = /sbin/pfctl -t fail2ban -T add <ip>/32
++
++
++# Option: actionunban
++# Notes.: command executed when unbanning an IP. Take care that the
++# command is executed with Fail2Ban user rights.
++# Tags: <ip> IP address
++# <failures> number of failures
++# <time> unix timestamp of the ban time
++# Values: CMD
++#
++# note -r option used to remove matching rule
++actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32
++
++[Init]
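Review bot: The comment above `actionunban` says "note -r option used to remove matching rule", but the command is `/sbin/pfctl -t fail2ban -T delete <ip>/32` and uses no -r option, so the comment should be dropped or reworded to describe `-T delete`. Because `actionstart` is intentionally left empty, the header comments should also state that the pf ruleset must already contain a rule referencing the `fail2ban` table; nothing in the file tells the administrator this. The table name is hard-coded in both commands while `[Init]` is empty, so it could become a parameter defined there. The fixed `/32` suffix in `actionban` and `actionunban` assumes an IPv4 address, which is worth noting in the Tags comment.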
>Release-Note:
>Audit-Trail:
>Unformatted: