Attachment #129892 for bug #173956

View | Details | Raw Unified | Return to bug 173956
Collapse All | Expand All

Lines 3-8 Link Here

(-)Makefile (+1 lines)
3		3
4	PORTNAME= fail2ban	4	PORTNAME= fail2ban
5	PORTVERSION= 0.8.7.1	5	PORTVERSION= 0.8.7.1
		6	PORTREVISION= 1
6	CATEGORIES= security python	7	CATEGORIES= security python
7	MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/tarball/${PORTVERSION}/	8	MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/tarball/${PORTVERSION}/
8	PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}	9	PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}

Line 0 Link Here

(-)files/patch-actions.py (+5 lines)
	1	--- server/actions.py.orig 2012-11-27 18:16:18.000000000 +0100
	2	+++ server/actions.py 2012-11-27 18:17:04.000000000 +0100
	3	@@ -206 +206 @@
	4	- logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"]))
	5	+ logSys.warn("[%s] Unban %s" % (self.jail.getName(), str(aInfo["ip"])))




--- /dev/null	2012-11-27 18:04:17.000000000 +0100
+++ config/action.d/bsd-ipfw.conf	2012-11-27 18:06:29.000000000 +0100
@@ -0,0 +1,72 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger

+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+#          <table> ipfw table to use
+# Values:  CMD
+#
+# requires an ipfw rule like "deny ip from table(1) to me"
+actionban = ipfw table <table> add <ip>
+
+
+# Option:  actionunban

+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+#          <table> ipfw table to use
+# Values:  CMD
+#
+actionunban = ipfw table <table> delete <ip>
+
+[Init]
+

+# Values:  IP
+#
+localhost = 127.0.0.1
+
+# Option:  table
+# Notes:   the ipfw table to use
+# Values:  NUM
+table = 1




--- /dev/null	2012-11-27 18:33:00.000000000 +0100
+++ config/filter.d/bsd-sendmail.conf	2012-11-27 18:32:47.000000000 +0100
@@ -0,0 +1,35 @@
+# Fail2Ban configuration file
+#
+# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail
+# Contributors: Gutza, the SASL regex
+#
+# $Revision$
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. 
+#          The host must be matched by a group named "host". 
+#          The tag "<HOST>" can be used for standard IP/hostname matching
+#          and is only an alias for (':::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+
+failregex = \[<HOST>\] .*to MTA
+#           \[<HOST>\] \(may be forged\)
+            \[<HOST>\], reject.*\.\.\. Relaying denied
+            (User unknown)\n* \[<HOST>\]
+            badlogin: .* \[<HOST>\] plaintext .* SASL
+            \[<HOST>\]: possible SMTP attack:
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matces, the line is ignored.
+# Values:  TEXT
+
+ignoreregex = 
+

Return to bug 173956

Lines 1-6 Link Here

(-)files/patch-bsd-ipfw.conf (-5 / +12 lines)
1	--- /dev/null 2010-01-12 16:33:00.000000000 -0500	1	--- /dev/null 2012-11-27 18:04:17.000000000 +0100
2	+++ ./config/action.d/bsd-ipfw.conf 2010-01-12 16:26:51.000000000 -0500	2	+++ config/action.d/bsd-ipfw.conf 2012-11-27 18:06:29.000000000 +0100
3	@@ -0,0 +1,65 @@	3	@@ -0,0 +1,72 @@
4	+# Fail2Ban configuration file	4	+# Fail2Ban configuration file
5	+#	5	+#
6	+# Author: Nick Munger	6	+# Author: Nick Munger
Lines 36-45 Link Here
36	+# Tags: <ip> IP address	36	+# Tags: <ip> IP address
37	+# <failures> number of failures	37	+# <failures> number of failures
38	+# <time> unix timestamp of the ban time	38	+# <time> unix timestamp of the ban time
		39	+# <table> ipfw table to use
39	+# Values: CMD	40	+# Values: CMD
40	+#	41	+#
41	+# requires an ipfw rule like "deny ip from table(1) to me"	42	+# requires an ipfw rule like "deny ip from table(1) to me"
42	+actionban = ipfw table 1 add <ip>	43	+actionban = ipfw table <table> add <ip>
43	+	44	+
44	+	45	+
45	+# Option: actionunban	46	+# Option: actionunban
Lines 48-56 Link Here
48	+# Tags: <ip> IP address	49	+# Tags: <ip> IP address
49	+# <failures> number of failures	50	+# <failures> number of failures
50	+# <time> unix timestamp of the ban time	51	+# <time> unix timestamp of the ban time
		52	+# <table> ipfw table to use
51	+# Values: CMD	53	+# Values: CMD
52	+#	54	+#
53	+actionunban = ipfw table 1 delete <ip>	55	+actionunban = ipfw table <table> delete <ip>
54	+	56	+
55	+[Init]	57	+[Init]
56	+	58	+
Lines 66-68 Link Here
66	+# Values: IP	68	+# Values: IP
67	+#	69	+#
68	+localhost = 127.0.0.1	70	+localhost = 127.0.0.1
		71	+
		72	+# Option: table
		73	+# Notes: the ipfw table to use
		74	+# Values: NUM
		75	+table = 1

Line 0 Link Here

(-)files/patch-bsd-sendmail.conf (+38 lines)
	1	--- /dev/null 2012-11-27 18:33:00.000000000 +0100
	2	+++ config/filter.d/bsd-sendmail.conf 2012-11-27 18:32:47.000000000 +0100
	3	@@ -0,0 +1,35 @@
	4	+# Fail2Ban configuration file
	5	+#
	6	+# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail
	7	+# Contributors: Gutza, the SASL regex
	8	+#
	9	+# $Revision$
	10	+
	11	+[INCLUDES]
	12	+
	13	+# Read common prefixes. If any customizations available -- read them from
	14	+# common.local
	15	+before = common.conf
	16	+
	17	+[Definition]
	18	+
	19	+# Option: failregex
	20	+# Notes.: regex to match the password failures messages in the logfile.
	21	+# The host must be matched by a group named "host".
	22	+# The tag "<HOST>" can be used for standard IP/hostname matching
	23	+# and is only an alias for (':::f{4,6}:)?(?P<host>\S+)
	24	+# Values: TEXT
	25	+
	26	+failregex = \[<HOST>\] .*to MTA
	27	+# \[<HOST>\] \(may be forged\)
	28	+ \[<HOST>\], reject.*\.\.\. Relaying denied
	29	+ (User unknown)\n* \[<HOST>\]
	30	+ badlogin: .* \[<HOST>\] plaintext .* SASL
	31	+ \[<HOST>\]: possible SMTP attack:
	32	+
	33	+# Option: ignoreregex
	34	+# Notes.: regex to ignore. If this regex matces, the line is ignored.
	35	+# Values: TEXT
	36	+
	37	+ignoreregex =
	38	+