diff options
Diffstat (limited to 'security/py-fail2ban')
| -rw-r--r-- | security/py-fail2ban/Makefile | 4 | ||||
| -rw-r--r-- | security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf | 44 |
2 files changed, 45 insertions, 3 deletions
diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile index c571d8418ec6..2d4f78da12c4 100644 --- a/security/py-fail2ban/Makefile +++ b/security/py-fail2ban/Makefile @@ -1,6 +1,6 @@ PORTNAME= fail2ban DISTVERSION= 1.1.0 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -63,7 +63,6 @@ post-patch: ${MAN_FILES} @${REINPLACE_CMD} -e 's, sed , ${SED} ,g' \ ${WRKSRC}/config/action.d/hostsdeny.conf - @${RM} ${WRKSRC}/config/filter.d/sshd.conf # XXX Ideally this should be in do-build but it only works in # XXX post-patch @@ -79,7 +78,6 @@ post-install: post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC}/ && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) - @${RM} ${STAGEDIR}/${ETCDIR}/filter.d/selinux-sshd.conf do-test: @cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test diff --git a/security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf b/security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf new file mode 100644 index 000000000000..153cdfb3bb3c --- /dev/null +++ b/security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf @@ -0,0 +1,44 @@ +--- config/filter.d/bsd-sshd.conf.orig 2020-03-27 11:15:56 UTC ++++ config/filter.d/bsd-sshd.conf +@@ -0,0 +1,41 @@ ++# Fail2Ban configuration file ++# ++# Author: Cyril Jaquier ++# ++# $Revision: 663 $ ++# ++ ++[INCLUDES] ++ ++# Read common prefixes. If any customizations available -- read them from ++# common.local ++before = common.conf ++ ++ ++[Definition] ++ ++_daemon = sshd ++ ++# Option: failregex ++# Notes.: regex to match the password failures messages in the logfile. The ++# host must be matched by a group named "host". The tag "<HOST>" can ++# be used for standard IP/hostname matching and is only an alias for ++# (?:::f{4,6}:)?(?P<host>\S+) ++# Values: TEXT ++# ++failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication (?:failure|error) for .* from <HOST>\s*$ ++ ^%(__prefix_line)sDid not receive identification string from <HOST>$ ++ ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ ++ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ ++ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ ++ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST> port \d*$ ++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ ++ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ ++ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ ++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$ ++ ++# Option: ignoreregex ++# Notes.: regex to ignore. If this regex matches, the line is ignored. ++# Values: TEXT ++# ++ignoreregex = |