author | Markos Chandras <hwoarang@gentoo.org> | 2011-12-30 10:18:51 +0000 |
---|---|---|
committer | Markos Chandras <hwoarang@gentoo.org> | 2011-12-30 10:18:51 +0000 |
commit | c389f75a7dc859d225427cec0f96fb79c3cc9ee6 (patch) | |
tree | 08a20f89da630093222c7357b90189b82326a138 /net-analyzer/fail2ban | |
parent | Stable for AMD64, wrt security bug #396455 (diff) | |
Version bump. Bug #392481
(Portage version: 2.2.0_alpha82/cvs/Linux x86_64)
Diffstat (limited to 'net-analyzer/fail2ban')
-rw-r--r-- | net-analyzer/fail2ban/ChangeLog | 8 | ||||
-rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.8.6.ebuild | 71 | ||||
-rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch | 15 |
3 files changed, 93 insertions, 1 deletions
diff --git a/net-analyzer/fail2ban/ChangeLog b/net-analyzer/fail2ban/ChangeLog index 982fcd072528..cdef38ed6ff6 100644 --- a/net-analyzer/fail2ban/ChangeLog +++ b/net-analyzer/fail2ban/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-analyzer/fail2ban # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.74 2011/12/15 08:50:08 scarabeus Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.75 2011/12/30 10:18:51 hwoarang Exp $ + +*fail2ban-0.8.6 (30 Dec 2011) + + 30 Dec 2011; Markos Chandras <hwoarang@gentoo.org> +fail2ban-0.8.6.ebuild, + +files/fail2ban-0.8.6-sshd-breakin.patch: + Version bump. Bug #392481 *fail2ban-0.8.4-r4 (15 Dec 2011) diff --git a/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild new file mode 100644 index 000000000000..d46de6b1033c --- /dev/null +++ b/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild 
@@ -0,0 +1,71 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild,v 1.1 2011/12/30 10:18:51 hwoarang Exp $
+
+EAPI="3"
+PYTHON_DEPEND="2"
+
+inherit distutils eutils
+
+DESCRIPTION="Bans IP that make too many password failures"
+HOMEPAGE="http://fail2ban.sourceforge.net/"
+SRC_URI="https://github.com/${PN}/${PN}/tarball/${PV} -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="selinux"
+
+DEPEND="selinux? ( sec-policy/selinux-fail2ban )"
+RDEPEND="net-misc/whois
+ virtual/mta
+ net-firewall/iptables
+ selinux? ( sec-policy/selinux-fail2ban )"
+
+S="${WORKDIR}"/${PN}-${PN}-a20d1f8
+
+pkg_setup() {
+ python_set_active_version 2
+ python_pkg_setup
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-sshd-breakin.patch
+ distutils_src_prepare
+}
+
+src_install() {
+ distutils_src_install
+
+ newconfd files/gentoo-confd fail2ban || die
+ newinitd files/gentoo-initd fail2ban || die
+ dodoc ChangeLog README TODO || die "dodoc failed"
+ doman man/*.1 || die "doman failed"
+
+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}-logrotate ${PN} || die
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-0.7"
+ previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+ distutils_pkg_postinst
+
+ if [[ $previous_less_than_0_7 = 0 ]] ; then
+ elog
+ elog "Configuration files are now in /etc/fail2ban/"
+ elog "You probably have to manually update your configuration"
+ elog "files before restarting Fail2ban!"
+ elog
+ elog "Fail2ban is not installed under /usr/lib anymore. The"
+ elog "new location is under /usr/share."
+ elog
+ elog "You are upgrading from version 0.6.x, please see:"
+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+ fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch
new file mode 100644
index 000000000000..508b2d41d33f
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch
@@ -0,0 +1,15 @@
+Index: fail2ban-fail2ban-a20d1f8/config/filter.d/sshd.conf
+===================================================================
+--- fail2ban-fail2ban-a20d1f8.orig/config/filter.d/sshd.conf
++++ fail2ban-fail2ban-a20d1f8/config/filter.d/sshd.conf
+@@ -31,8 +31,8 @@ failregex = ^%(__prefix_line)s(?:error:
+ ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers$
+ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
+- ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
+- ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
+
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored. |
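Review bot: In fail2ban-0.8.6.ebuild, `S` hard-codes `a20d1f8` while SRC_URI fetches whatever GitHub serves for the `${PV}` tag, and nothing in the ebuild says how the two relate. If, as it appears, `a20d1f8` is the abbreviated commit the tag pointed at when the tarball was generated, a comment above `S=` such as `# a20d1f8: commit id in the directory name of GitHub's tarball for tag ${PV}; re-check together with the Manifest digest on every bump` would tell the next maintainer what to verify. The Manifest entry that actually pins the tarball content is not part of the diff shown here.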
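Review bot: The sshd.conf patch replaces the `Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT` pattern instead of adding the `reverse mapping checking getaddrinfo` one beside it, so lines in the older `Address … maps to …` form would stop matching if the installed OpenSSH still emits them; keeping both entries avoids a silent coverage gap. The new pattern also places an unanchored `.*` over the reverse-DNS name, a field supplied by the remote side, directly ahead of `\[<HOST>\]`; assuming sshd never logs whitespace in that field, `getaddrinfo for \S+ \[<HOST>\]` is the tighter form. The `.+` to `\S+` tightening applied to the AllowGroups entry is not applied to the AllowUsers entry in the context above it, which still reads `User .+ from <HOST>`. The failregex list begins above the context shown in this patch.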