svn commit: r377762 - in head/security/sshguard: . files

Mark Felder feld at FreeBSD.org
Fri Jan 23 20:15:35 UTC 2015 

Author: feld
Date: Fri Jan 23 20:15:34 2015
New Revision: 377762
URL: https://svnweb.freebsd.org/changeset/ports/377762
QAT: https://qat.redports.org/buildarchive/r377762/

Log:
  Patch parser to fix matching for Cyrus IMAP login attempts which are not
  plaintext.
  
  PR:		196943
  Submitted by:	jakob.alvermark at bsdlabs.com

Modified:
  head/security/sshguard/Makefile
  head/security/sshguard/files/patch-src-parser-attack_scanner.l

Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile	Fri Jan 23 20:14:37 2015	(r377761)
+++ head/security/sshguard/Makefile	Fri Jan 23 20:15:34 2015	(r377762)
@@ -3,7 +3,7 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.5
-PORTREVISION=	9
+PORTREVISION=	10
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/sshguard-${PORTVERSION}
 

Modified: head/security/sshguard/files/patch-src-parser-attack_scanner.l
==============================================================================
--- head/security/sshguard/files/patch-src-parser-attack_scanner.l	Fri Jan 23 20:14:37 2015	(r377761)
+++ head/security/sshguard/files/patch-src-parser-attack_scanner.l	Fri Jan 23 20:15:34 2015	(r377762)
@@ -1,6 +1,6 @@
---- src/parser/attack_scanner.l.orig	2012-12-19 10:58:02.992356246 +0000
-+++ src/parser/attack_scanner.l	2012-12-19 10:58:22.407356894 +0000
-@@ -127,7 +127,7 @@
+--- src/parser/attack_scanner.l.orig	2011-02-09 12:01:47 UTC
++++ src/parser/attack_scanner.l
+@@ -127,7 +127,7 @@ IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0
  
  
   /* SSH: invalid or rejected user (cross platform [generated by openssh]) */
@@ -9,3 +9,12 @@
   /* match disallowed user (not in AllowUsers/AllowGroups or in DenyUsers/DenyGroups) on Linux Ubuntu/FreeBSD */
   /* "User tinydns from 1.2.3.4 not allowed because not listed in AllowUsers" */
  "User ".+" from "                                               { BEGIN(ssh_notallowed); return SSH_NOTALLOWEDPREF; }
+@@ -175,7 +175,7 @@ IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0
+ 
+  /* cyrus-imap login error */
+ "badlogin: "[^\[]*"["                                           { BEGIN(cyrusimap_loginerr); return CYRUSIMAP_SASL_LOGINERR_PREF; }
+-<cyrusimap_loginerr>"] ".*"SASL".*"checkpass failed"            { BEGIN(INITIAL); return CYRUSIMAP_SASL_LOGINERR_SUFF; }
++<cyrusimap_loginerr>"] ".*"SASL".*"failed".?$                   { BEGIN(INITIAL); return CYRUSIMAP_SASL_LOGINERR_SUFF; }
+ 
+  /* FreeBSD's ftpd login errors */
+ "FTP LOGIN FAILED FROM "                                        { BEGIN(freebsdftpd_loginerr); return FREEBSDFTPD_LOGINERR_PREF; }

More information about the svn-ports-all mailing list