From a36d49ca600b40fb0dfa977b9ffb53a24f9b8946 Mon Sep 17 00:00:00 2001 From: nils Date: Fri, 27 Nov 2015 15:41:47 +0000 Subject: Updated to 0.9.3. Some of the upstream changes for 0.9.2 : - various typo in config files - filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues - some fixes for EL7 New features : - New filters: - postfix-rbl - apache-fakegooglebot.conf - nginx-botsearch - drupal-auth - New actions: - action.d/firewallcmd-multiport and action.d/firewallcmd-allports - action.d/sendmail-geoip-lines.conf - action.d/nsupdate to update DNSBL - New status argument for fail2ban-client Some of the upstream changes for 0.9.3 : - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust to augment the behavior. - New Features: * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication --- security/fail2ban/Makefile | 17 ++++++++++------- security/fail2ban/PLIST | 31 ++++++++++++++++++++++++++----- security/fail2ban/distinfo | 9 +++++---- 3 files changed, 41 insertions(+), 16 deletions(-) (limited to 'security') diff --git a/security/fail2ban/Makefile b/security/fail2ban/Makefile index b93d9dff081..0661d94804c 100644 --- a/security/fail2ban/Makefile +++ b/security/fail2ban/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.3 2015/04/14 21:09:48 gdt Exp $ +# $NetBSD: Makefile,v 1.4 2015/11/27 15:41:47 nils Exp $ # -DISTNAME= fail2ban-0.9.1 -PKGREVISION= 2 +DISTNAME= fail2ban-0.9.3 +#PKGREVISION= 2 CATEGORIES= security MASTER_SITES= -https://github.com/fail2ban/fail2ban/archive/${PKGVERSION_NOREV}${EXTRACT_SUFX} EXTRACT_SUFX= .zip @@ -25,22 +25,25 @@ PKG_SYSCONFSUBDIR= fail2ban DOCDIR= ${PREFIX}/share/doc/fail2ban OWN_DIRS= ${PKG_SYSCONFDIR} ${PKG_SYSCONFDIR}/action.d/ ${PKG_SYSCONFDIR}/filter.d/ \ ${VARBASE}/run/fail2ban ${VARBASE}/db/fail2ban -INSTALLATION_DIRS+= ${PKGMANDIR}/man1/ ${PKGMANDIR}/man5/ ${EGDIR} ${EGDIR}/action.d/ ${EGDIR}/filter.d/ \ - ${PKG_SYSCONFDIR} ${PKG_SYSCONFDIR}/action.d/ ${PKG_SYSCONFDIR}/filter.d/ +INSTALLATION_DIRS+= ${PKGMANDIR}/man1/ ${PKGMANDIR}/man5/ ${EGDIR} ${EGDIR}/action.d/ ${EGDIR}/filter.d/ ${EGDIR}/filter.d/ignorecommands/ \ + ${PKG_SYSCONFDIR} ${PKG_SYSCONFDIR}/action.d/ ${PKG_SYSCONFDIR}/filter.d/ ${PKG_SYSCONFDIR}/filter.d/ignorecommands/ + .for config in fail2ban.conf jail.conf paths-common.conf paths-debian.conf paths-fedora.conf paths-freebsd.conf paths-osx.conf paths-netbsd.conf paths-pkgsrc.conf CONF_FILES+= ${EGDIR}/${config} ${PKG_SYSCONFDIR}/${config} .endfor -.for action in apf.conf badips.conf badips.py blocklist_de.conf bsd-ipfw.conf cloudflare.conf complain.conf dshield.conf dummy.conf firewallcmd-ipset.conf firewallcmd-new.conf hostsdeny.conf ipfilter.conf ipfw.conf iptables-allports.conf iptables-common.conf iptables-ipset-proto4.conf iptables-ipset-proto6-allports.conf iptables-ipset-proto6.conf iptables-multiport-log.conf iptables-multiport.conf iptables-new.conf iptables-xt_recent-echo.conf iptables.conf mail-buffered.conf mail-whois-lines.conf mail-whois.conf mail.conf mynetwatchman.conf osx-afctl.conf osx-ipfw.conf pf.conf route.conf sendmail-buffered.conf sendmail-common.conf sendmail-whois-lines.conf sendmail-whois-ipjailmatches.conf sendmail-whois-ipmatches.conf sendmail-whois-matches.conf sendmail-whois.conf sendmail.conf shorewall.conf smtp.py symbiosis-blacklist-allports.conf ufw.conf xarf-login-attack.conf +.for action in pf.conf badips.conf badips.py blocklist_de.conf bsd-ipfw.conf cloudflare.conf complain.conf dshield.conf dummy.conf firewallcmd-allports.conf firewallcmd-ipset.conf firewallcmd-multiport.conf firewallcmd-new.conf hostsdeny.conf ipfilter.conf ipfw.conf iptables-allports.conf iptables-common.conf iptables-ipset-proto4.conf iptables-ipset-proto6-allports.conf iptables-ipset-proto6.conf iptables-multiport-log.conf iptables-multiport.conf iptables-new.conf iptables-xt_recent-echo.conf iptables.conf mail-buffered.conf mail-whois-common.conf mail-whois-lines.conf mail-whois.conf mail.conf mynetwatchman.conf nsupdate.conf osx-afctl.conf osx-ipfw.conf pf.conf route.conf sendmail-buffered.conf sendmail-common.conf sendmail-geoip-lines.conf sendmail-whois-ipjailmatches.conf sendmail-whois-ipmatches.conf sendmail-whois-lines.conf sendmail-whois-matches.conf sendmail-whois.conf sendmail.conf shorewall-ipset-proto6.conf shorewall.conf smtp.py symbiosis-blacklist-allports.conf ufw.conf xarf-login-attack.conf CONF_FILES+= ${EGDIR}/action.d/${action} ${PKG_SYSCONFDIR}/action.d/${action} .endfor -.for filter in 3proxy.conf apache-auth.conf apache-badbots.conf apache-botsearch.conf apache-common.conf apache-modsecurity.conf apache-nohome.conf apache-noscript.conf apache-overflows.conf apache-shellshock.conf assp.conf asterisk.conf common.conf counter-strike.conf courier-auth.conf courier-smtp.conf cyrus-imap.conf dovecot.conf directadmin.conf dropbear.conf ejabberd-auth.conf exim-common.conf exim-spam.conf exim.conf freeswitch.conf groupoffice.conf gssftpd.conf guacamole.conf horde.conf kerio.conf lighttpd-auth.conf monit.conf mysqld-auth.conf nagios.conf named-refused.conf nginx-http-auth.conf nsd.conf openwebmail.conf oracleims.conf pam-generic.conf perdition.conf php-url-fopen.conf portsentry.conf postfix-sasl.conf postfix.conf proftpd.conf pure-ftpd.conf qmail.conf recidive.conf roundcube-auth.conf selinux-common.conf selinux-ssh.conf sendmail-auth.conf sendmail-reject.conf sieve.conf sogo-auth.conf solid-pop3d.conf squid.conf squirrelmail.conf sshd-ddos.conf sshd.conf stunnel.conf suhosin.conf tine20.conf uwimap-auth.conf vsftpd.conf webmin-auth.conf wuftpd.conf xinetd-fail.conf +.for filter in 3proxy.conf apache-auth.conf apache-badbots.conf apache-botsearch.conf apache-common.conf apache-fakegooglebot.conf apache-modsecurity.conf apache-nohome.conf apache-noscript.conf apache-overflows.conf apache-pass.conf apache-shellshock.conf assp.conf asterisk.conf botsearch-common.conf common.conf counter-strike.conf courier-auth.conf courier-smtp.conf cyrus-imap.conf directadmin.conf dovecot.conf dropbear.conf drupal-auth.conf ejabberd-auth.conf exim-common.conf exim-spam.conf exim.conf freeswitch.conf froxlor-auth.conf groupoffice.conf gssftpd.conf guacamole.conf horde.conf kerio.conf lighttpd-auth.conf monit.conf mysqld-auth.conf nagios.conf named-refused.conf nginx-botsearch.conf nginx-http-auth.conf nsd.conf openwebmail.conf oracleims.conf pam-generic.conf perdition.conf php-url-fopen.conf portsentry.conf postfix-rbl.conf postfix-sasl.conf postfix.conf proftpd.conf pure-ftpd.conf qmail.conf recidive.conf roundcube-auth.conf selinux-common.conf selinux-ssh.conf sendmail-auth.conf sendmail-reject.conf sieve.conf sogo-auth.conf solid-pop3d.conf squid.conf squirrelmail.conf sshd-ddos.conf sshd.conf stunnel.conf suhosin.conf tine20.conf uwimap-auth.conf vsftpd.conf webmin-auth.conf wuftpd.conf xinetd-fail.conf CONF_FILES+= ${EGDIR}/filter.d/${filter} ${PKG_SYSCONFDIR}/filter.d/${filter} .endfor +CONF_FILES+= ${EGDIR}/filter.d/ignorecommands/apache-fakegooglebot ${PKG_SYSCONFDIR}/filter.d/ignorecommands/apache-fakegooglebot + TXTDOCFILES+= develop.txt fail2ban.txt fail2ban.client.txt fail2ban.client.actionreader.txt fail2ban.client.beautifier.txt fail2ban.client.configparserinc.txt fail2ban.client.configreader.txt fail2ban.client.configurator.txt fail2ban.client.csocket.txt fail2ban.client.fail2banreader.txt fail2ban.client.filterreader.txt fail2ban.client.jailreader.txt fail2ban.exceptions.txt fail2ban.client.jailsreader.txt fail2ban.helpers.txt fail2ban.protocol.txt fail2ban.server.txt fail2ban.server.action.txt fail2ban.server.actions.txt fail2ban.server.asyncserver.txt fail2ban.server.banmanager.txt fail2ban.server.database.txt fail2ban.server.datedetector.txt fail2ban.server.datetemplate.txt fail2ban.server.faildata.txt fail2ban.server.failmanager.txt filters.txt fail2ban.server.failregex.txt fail2ban.server.filter.txt fail2ban.server.filtergamin.txt fail2ban.server.filterpoll.txt fail2ban.server.filterpyinotify.txt fail2ban.server.filtersystemd.txt fail2ban.server.jail.txt fail2ban.server.jails.txt fail2ban.server.jailthread.txt fail2ban.server.mytime.txt fail2ban.server.server.txt fail2ban.server.strptime.txt fail2ban.server.ticket.txt fail2ban.server.transmitter.txt fail2ban.version.txt index.txt release.txt AUTO_MKDIRS= yes diff --git a/security/fail2ban/PLIST b/security/fail2ban/PLIST index ac314d9089c..ee04eec4d0f 100644 --- a/security/fail2ban/PLIST +++ b/security/fail2ban/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2015/02/09 10:05:25 nils Exp $ +@comment $NetBSD: PLIST,v 1.2 2015/11/27 15:41:47 nils Exp $ bin/fail2ban-client bin/fail2ban-regex bin/fail2ban-server @@ -151,6 +151,8 @@ ${PYSITELIB}/fail2ban/tests/clientreadertestcase.pyo ${PYSITELIB}/fail2ban/tests/config/action.d/brokenaction.conf ${PYSITELIB}/fail2ban/tests/config/fail2ban.conf ${PYSITELIB}/fail2ban/tests/config/filter.d/simple.conf +${PYSITELIB}/fail2ban/tests/config/filter.d/test.conf +${PYSITELIB}/fail2ban/tests/config/filter.d/test.local ${PYSITELIB}/fail2ban/tests/config/jail.conf ${PYSITELIB}/fail2ban/tests/databasetestcase.py ${PYSITELIB}/fail2ban/tests/databasetestcase.pyc @@ -167,6 +169,9 @@ ${PYSITELIB}/fail2ban/tests/failmanagertestcase.pyo ${PYSITELIB}/fail2ban/tests/files/action.d/action.py ${PYSITELIB}/fail2ban/tests/files/action.d/action.pyc ${PYSITELIB}/fail2ban/tests/files/action.d/action.pyo +${PYSITELIB}/fail2ban/tests/files/action.d/action_checkainfo.py +${PYSITELIB}/fail2ban/tests/files/action.d/action_checkainfo.pyc +${PYSITELIB}/fail2ban/tests/files/action.d/action_checkainfo.pyo ${PYSITELIB}/fail2ban/tests/files/action.d/action_errors.py ${PYSITELIB}/fail2ban/tests/files/action.d/action_errors.pyc ${PYSITELIB}/fail2ban/tests/files/action.d/action_errors.pyo @@ -208,10 +213,12 @@ ${PYSITELIB}/fail2ban/tests/files/logs/3proxy ${PYSITELIB}/fail2ban/tests/files/logs/apache-auth ${PYSITELIB}/fail2ban/tests/files/logs/apache-badbots ${PYSITELIB}/fail2ban/tests/files/logs/apache-botsearch +${PYSITELIB}/fail2ban/tests/files/logs/apache-fakegooglebot ${PYSITELIB}/fail2ban/tests/files/logs/apache-modsecurity ${PYSITELIB}/fail2ban/tests/files/logs/apache-nohome ${PYSITELIB}/fail2ban/tests/files/logs/apache-noscript ${PYSITELIB}/fail2ban/tests/files/logs/apache-overflows +${PYSITELIB}/fail2ban/tests/files/logs/apache-pass ${PYSITELIB}/fail2ban/tests/files/logs/apache-shellshock ${PYSITELIB}/fail2ban/tests/files/logs/assp ${PYSITELIB}/fail2ban/tests/files/logs/asterisk @@ -225,10 +232,12 @@ ${PYSITELIB}/fail2ban/tests/files/logs/cyrus-imap ${PYSITELIB}/fail2ban/tests/files/logs/directadmin ${PYSITELIB}/fail2ban/tests/files/logs/dovecot ${PYSITELIB}/fail2ban/tests/files/logs/dropbear +${PYSITELIB}/fail2ban/tests/files/logs/drupal-auth ${PYSITELIB}/fail2ban/tests/files/logs/ejabberd-auth ${PYSITELIB}/fail2ban/tests/files/logs/exim ${PYSITELIB}/fail2ban/tests/files/logs/exim-spam ${PYSITELIB}/fail2ban/tests/files/logs/freeswitch +${PYSITELIB}/fail2ban/tests/files/logs/froxlor-auth ${PYSITELIB}/fail2ban/tests/files/logs/groupoffice ${PYSITELIB}/fail2ban/tests/files/logs/gssftpd ${PYSITELIB}/fail2ban/tests/files/logs/guacamole @@ -239,6 +248,7 @@ ${PYSITELIB}/fail2ban/tests/files/logs/monit ${PYSITELIB}/fail2ban/tests/files/logs/mysqld-auth ${PYSITELIB}/fail2ban/tests/files/logs/nagios ${PYSITELIB}/fail2ban/tests/files/logs/named-refused +${PYSITELIB}/fail2ban/tests/files/logs/nginx-botsearch ${PYSITELIB}/fail2ban/tests/files/logs/nginx-http-auth ${PYSITELIB}/fail2ban/tests/files/logs/nsd ${PYSITELIB}/fail2ban/tests/files/logs/openwebmail @@ -248,6 +258,7 @@ ${PYSITELIB}/fail2ban/tests/files/logs/perdition ${PYSITELIB}/fail2ban/tests/files/logs/php-url-fopen ${PYSITELIB}/fail2ban/tests/files/logs/portsentry ${PYSITELIB}/fail2ban/tests/files/logs/postfix +${PYSITELIB}/fail2ban/tests/files/logs/postfix-rbl ${PYSITELIB}/fail2ban/tests/files/logs/postfix-sasl ${PYSITELIB}/fail2ban/tests/files/logs/proftpd ${PYSITELIB}/fail2ban/tests/files/logs/pure-ftpd @@ -362,7 +373,9 @@ share/examples/fail2ban/action.d/cloudflare.conf share/examples/fail2ban/action.d/complain.conf share/examples/fail2ban/action.d/dshield.conf share/examples/fail2ban/action.d/dummy.conf +share/examples/fail2ban/action.d/firewallcmd-allports.conf share/examples/fail2ban/action.d/firewallcmd-ipset.conf +share/examples/fail2ban/action.d/firewallcmd-multiport.conf share/examples/fail2ban/action.d/firewallcmd-new.conf share/examples/fail2ban/action.d/hostsdeny.conf share/examples/fail2ban/action.d/ipfilter.conf @@ -378,22 +391,26 @@ share/examples/fail2ban/action.d/iptables-new.conf share/examples/fail2ban/action.d/iptables-xt_recent-echo.conf share/examples/fail2ban/action.d/iptables.conf share/examples/fail2ban/action.d/mail-buffered.conf +share/examples/fail2ban/action.d/mail-whois-common.conf share/examples/fail2ban/action.d/mail-whois-lines.conf share/examples/fail2ban/action.d/mail-whois.conf share/examples/fail2ban/action.d/mail.conf share/examples/fail2ban/action.d/mynetwatchman.conf +share/examples/fail2ban/action.d/nsupdate.conf share/examples/fail2ban/action.d/osx-afctl.conf share/examples/fail2ban/action.d/osx-ipfw.conf share/examples/fail2ban/action.d/pf.conf share/examples/fail2ban/action.d/route.conf share/examples/fail2ban/action.d/sendmail-buffered.conf share/examples/fail2ban/action.d/sendmail-common.conf +share/examples/fail2ban/action.d/sendmail-geoip-lines.conf share/examples/fail2ban/action.d/sendmail-whois-ipjailmatches.conf share/examples/fail2ban/action.d/sendmail-whois-ipmatches.conf share/examples/fail2ban/action.d/sendmail-whois-lines.conf share/examples/fail2ban/action.d/sendmail-whois-matches.conf share/examples/fail2ban/action.d/sendmail-whois.conf share/examples/fail2ban/action.d/sendmail.conf +share/examples/fail2ban/action.d/shorewall-ipset-proto6.conf share/examples/fail2ban/action.d/shorewall.conf share/examples/fail2ban/action.d/smtp.py share/examples/fail2ban/action.d/symbiosis-blacklist-allports.conf @@ -405,13 +422,16 @@ share/examples/fail2ban/filter.d/apache-auth.conf share/examples/fail2ban/filter.d/apache-badbots.conf share/examples/fail2ban/filter.d/apache-botsearch.conf share/examples/fail2ban/filter.d/apache-common.conf +share/examples/fail2ban/filter.d/apache-fakegooglebot.conf share/examples/fail2ban/filter.d/apache-modsecurity.conf share/examples/fail2ban/filter.d/apache-nohome.conf share/examples/fail2ban/filter.d/apache-noscript.conf share/examples/fail2ban/filter.d/apache-overflows.conf +share/examples/fail2ban/filter.d/apache-pass.conf share/examples/fail2ban/filter.d/apache-shellshock.conf share/examples/fail2ban/filter.d/assp.conf share/examples/fail2ban/filter.d/asterisk.conf +share/examples/fail2ban/filter.d/botsearch-common.conf share/examples/fail2ban/filter.d/common.conf share/examples/fail2ban/filter.d/counter-strike.conf share/examples/fail2ban/filter.d/courier-auth.conf @@ -420,21 +440,25 @@ share/examples/fail2ban/filter.d/cyrus-imap.conf share/examples/fail2ban/filter.d/directadmin.conf share/examples/fail2ban/filter.d/dovecot.conf share/examples/fail2ban/filter.d/dropbear.conf +share/examples/fail2ban/filter.d/drupal-auth.conf share/examples/fail2ban/filter.d/ejabberd-auth.conf share/examples/fail2ban/filter.d/exim-common.conf share/examples/fail2ban/filter.d/exim-spam.conf share/examples/fail2ban/filter.d/exim.conf share/examples/fail2ban/filter.d/freeswitch.conf +share/examples/fail2ban/filter.d/froxlor-auth.conf share/examples/fail2ban/filter.d/groupoffice.conf share/examples/fail2ban/filter.d/gssftpd.conf share/examples/fail2ban/filter.d/guacamole.conf share/examples/fail2ban/filter.d/horde.conf +share/examples/fail2ban/filter.d/ignorecommands/apache-fakegooglebot share/examples/fail2ban/filter.d/kerio.conf share/examples/fail2ban/filter.d/lighttpd-auth.conf share/examples/fail2ban/filter.d/monit.conf share/examples/fail2ban/filter.d/mysqld-auth.conf share/examples/fail2ban/filter.d/nagios.conf share/examples/fail2ban/filter.d/named-refused.conf +share/examples/fail2ban/filter.d/nginx-botsearch.conf share/examples/fail2ban/filter.d/nginx-http-auth.conf share/examples/fail2ban/filter.d/nsd.conf share/examples/fail2ban/filter.d/openwebmail.conf @@ -443,6 +467,7 @@ share/examples/fail2ban/filter.d/pam-generic.conf share/examples/fail2ban/filter.d/perdition.conf share/examples/fail2ban/filter.d/php-url-fopen.conf share/examples/fail2ban/filter.d/portsentry.conf +share/examples/fail2ban/filter.d/postfix-rbl.conf share/examples/fail2ban/filter.d/postfix-sasl.conf share/examples/fail2ban/filter.d/postfix.conf share/examples/fail2ban/filter.d/proftpd.conf @@ -477,7 +502,3 @@ share/examples/fail2ban/paths-freebsd.conf share/examples/fail2ban/paths-netbsd.conf share/examples/fail2ban/paths-osx.conf share/examples/fail2ban/paths-pkgsrc.conf -@pkgdir share/examples/fail2ban/jail.d -@pkgdir share/examples/fail2ban/fail2ban.d -@pkgdir etc/fail2ban/filter.d -@pkgdir etc/fail2ban/action.d diff --git a/security/fail2ban/distinfo b/security/fail2ban/distinfo index 171abd9c20a..afd2483f3ef 100644 --- a/security/fail2ban/distinfo +++ b/security/fail2ban/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.1 2015/02/09 10:05:25 nils Exp $ +$NetBSD: distinfo,v 1.2 2015/11/27 15:41:47 nils Exp $ -SHA1 (fail2ban-0.9.1.zip) = 1b402896454b46ee92fab09f2126a93c02b16ceb -RMD160 (fail2ban-0.9.1.zip) = aad8d5d49bfd5547e528b283ccc764d4916fa1fb -Size (fail2ban-0.9.1.zip) = 469965 bytes +SHA1 (fail2ban-0.9.3.zip) = ddcffd34fd968f512c22a9e85b5608c09ff8ef1e +RMD160 (fail2ban-0.9.3.zip) = 22d77678515fc40e1b92ee4e1bced086b6cb60f2 +SHA512 (fail2ban-0.9.3.zip) = 5948b59fad867516e5eb047f4a0ed665996da8070d5382a63d8339a9ec04629f052120533b021902f3bc84d0cecaaf5e75efeeb6c4664bbbf26dd33e2d32e772 +Size (fail2ban-0.9.3.zip) = 503756 bytes SHA1 (patch-doc_Makefile) = b17d28b1ef79b0cf86e4cd5d6eaa3e3d1bc2da39 -- cgit v1.2.3