ports/139545: security/bruteblock fix for current ssh patterns

Dmitry Morozovsky marck at FreeBSD.org
Mon Oct 12 14:00:12 UTC 2009 

>Number:         139545
>Category:       ports
>Synopsis:       security/bruteblock fix for current ssh patterns
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 12 14:00:07 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Morozovsky
>Release:        FreeBSD 7-STABLE i386
>Organization:
Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD 7-STABLE 


>Description:

Default sshd failure patterns are obsolete.

>How-To-Repeat:

>Fix:


Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/bruteblock/Makefile,v
retrieving revision 1.9
diff -u -r1.9 Makefile
--- Makefile	28 Jul 2009 16:34:35 -0000	1.9
+++ Makefile	12 Oct 2009 13:50:28 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	bruteblock
 PORTVERSION=	0.0.5
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	http://samm.kiev.ua/bruteblock/ \
 		http://mirror.amdmi3.ru/distfiles/
Index: files/patch-etc_ssh.conf
===================================================================
RCS file: files/patch-etc_ssh.conf
diff -N files/patch-etc_ssh.conf
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-etc_ssh.conf	12 Oct 2009 13:50:28 -0000
@@ -0,0 +1,39 @@
+
+$FreeBSD$
+
+--- /dev/null
++++ etc/ssh.conf
+@@ -0,0 +1,33 @@
++# Sample configuration file for the OpenSSH daemon
++
++# regexp rule. Please rember that you MUST specify only one match for
++# ip address to block
++#
++# this regexp for the OpenSSH server matches lines like:
++#
++# comment: auth via key only
++#sshd[72593]: Illegal user hacker from 1.2.3.4
++#
++# comment: pwd auth, but no such user
++#sshd[72593]: Failed password for illegal user sammmm from 1.2.3.4
++#
++# comment: correct user, but wrong password
++#sshd[72626]: Failed password for samm from 1.2.3.4
++#
++regexp		= sshd.*Invalid user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
++regexp1 	= sshd.*Failed (password|keyboard-interactive/pam) for (?:invalid user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
++
++# Number of failed login attempts within time before we block
++max_count       = 4
++
++# Time in seconds in which all failed login attempts must occur
++within_time     = 60
++
++# Time in seconds to block ip in firewall
++
++# 10 minutes
++reset_ip       = 600
++
++# IPFW table number to add "bad" hosts
++ipfw2_table_no = 1
++
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list