ports/173956: [maintainer-update] fail2ban: minor fixes and enhancements
Christoph Theis
theis at gmx.at
Tue Nov 27 19:10:01 UTC 2012
>Number: 173956
>Category: ports
>Synopsis: [maintainer-update] fail2ban: minor fixes and enhancements
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 27 19:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Christoph Theis
>Release:
>Organization:
>Environment:
>Description:
Add some minor fixes and enhancements to current fail2ban:
1) Add a fix for https://github.com/fail2ban/fail2ban/issues/91
(Spurious UTF8 in SYSLOG is not fully fixed)
2) Add a filter for sendmail, the default mailer on FreeBSD
3) Make the ipfw table used in the action bsd-ipfw configurable
Many thanks to Andrey Chernov for submitting the patches to me.
The diff was created with svn. I hope it is in the right format.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: Makefile
===================================================================
--- Makefile (revision 307858)
+++ Makefile (working copy)
@@ -3,6 +3,7 @@
PORTNAME= fail2ban
PORTVERSION= 0.8.7.1
+PORTREVISION= 1
CATEGORIES= security python
MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/tarball/${PORTVERSION}/
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
Index: files/patch-actions.py
===================================================================
--- files/patch-actions.py (revision 0)
+++ files/patch-actions.py (working copy)
@@ -0,0 +1,5 @@
+--- server/actions.py.orig 2012-11-27 18:16:18.000000000 +0100
++++ server/actions.py 2012-11-27 18:17:04.000000000 +0100
+@@ -206 +206 @@
+- logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"]))
++ logSys.warn("[%s] Unban %s" % (self.jail.getName(), str(aInfo["ip"])))
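Review bot: The embedded patch for server/actions.py is a zero-context hunk ("@@ -206 +206 @@"), so it is tied to an exact line number and gives patch(1) no surrounding lines to confirm it is replacing the intended statement; regenerate it as a unified diff with the usual three lines of context. The change wraps only the Unban message's aInfo["ip"] in str(); if other log calls in the same file format aInfo["ip"] directly, they would need the same treatment for the SYSLOG issue referenced in the description.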
Index: files/patch-bsd-ipfw.conf
===================================================================
--- files/patch-bsd-ipfw.conf (revision 307858)
+++ files/patch-bsd-ipfw.conf (working copy)
@@ -1,6 +1,6 @@
---- /dev/null 2010-01-12 16:33:00.000000000 -0500
-+++ ./config/action.d/bsd-ipfw.conf 2010-01-12 16:26:51.000000000 -0500
-@@ -0,0 +1,65 @@
+--- /dev/null 2012-11-27 18:04:17.000000000 +0100
++++ config/action.d/bsd-ipfw.conf 2012-11-27 18:06:29.000000000 +0100
+@@ -0,0 +1,72 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
@@ -36,10 +36,11 @@
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
++# <table> ipfw table to use
+# Values: CMD
+#
+# requires an ipfw rule like "deny ip from table(1) to me"
-+actionban = ipfw table 1 add <ip>
++actionban = ipfw table <table> add <ip>
+
+
+# Option: actionunban
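Review bot: The unchanged comment above actionban still says the action requires an ipfw rule like "deny ip from table(1) to me", which now holds only for the default value. With the table configurable, an address added to a table that no firewall rule references is not blocked, so the comment should state that the rule must reference the same table number as the table option, for example "deny ip from table(<table>) to me".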
@@ -48,9 +49,10 @@
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
++# <table> ipfw table to use
+# Values: CMD
+#
-+actionunban = ipfw table 1 delete <ip>
++actionunban = ipfw table <table> delete <ip>
+
+[Init]
+
@@ -66,3 +68,8 @@
+# Values: IP
+#
+localhost = 127.0.0.1
++
++# Option: table
++# Notes: the ipfw table to use
++# Values: NUM
++table = 1
Index: files/patch-bsd-sendmail.conf
===================================================================
--- files/patch-bsd-sendmail.conf (revision 0)
+++ files/patch-bsd-sendmail.conf (working copy)
@@ -0,0 +1,38 @@
+--- /dev/null 2012-11-27 18:33:00.000000000 +0100
++++ config/filter.d/bsd-sendmail.conf 2012-11-27 18:32:47.000000000 +0100
+@@ -0,0 +1,35 @@
++# Fail2Ban configuration file
++#
++# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail
++# Contributors: Gutza, the SASL regex
++#
++# $Revision$
++
++[INCLUDES]
++
++# Read common prefixes. If any customizations available -- read them from
++# common.local
++before = common.conf
++
++[Definition]
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# The host must be matched by a group named "host".
++# The tag "<HOST>" can be used for standard IP/hostname matching
++# and is only an alias for (':::f{4,6}:)?(?P<host>\S+)
++# Values: TEXT
++
++failregex = \[<HOST>\] .*to MTA
++# \[<HOST>\] \(may be forged\)
++ \[<HOST>\], reject.*\.\.\. Relaying denied
++ (User unknown)\n* \[<HOST>\]
++ badlogin: .* \[<HOST>\] plaintext .* SASL
++ \[<HOST>\]: possible SMTP attack:
++
++# Option: ignoreregex
++# Notes.: regex to ignore. If this regex matces, the line is ignored.
++# Values: TEXT
++
++ignoreregex =
++
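Review bot: None of the five failregex patterns is anchored, and nothing from the common.conf loaded by "before = common.conf" is used, so each pattern can match at any position in a log line and whatever bracketed address sits there becomes the banned host. Anchoring each pattern to the start of the sendmail log line (the other fail2ban filters do this with "^%(__prefix_line)s" from common.conf) would narrow what a line containing remote-supplied text can trigger. In "(User unknown)\n* \[<HOST>\]" the parentheses are unescaped, so they form a capture group instead of matching literal parentheses; write "\(User unknown\)" if the literal form is what the log contains, and check whether "\n*" is needed at all. The ignoreregex note also has a typo: "matces" should be "matches".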
>Release-Note:
>Audit-Trail:
>Unformatted: