Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=4c1092a78abed8957f19e57ba65fa11e70a9abcf

commit 4c1092a78abed8957f19e57ba65fa11e70a9abcf
Author: bouleetbil <bouleet...@frogdev.info>
Date:   Wed May 25 11:55:28 2011 +0200

fail2ban-0.8.4-1-x86_64
*new package

diff --git a/source/network-extra/fail2ban/FrugalBuild 
b/source/network-extra/fail2ban/FrugalBuild
new file mode 100644
index 0000000..2555032
--- /dev/null
+++ b/source/network-extra/fail2ban/FrugalBuild
@@ -0,0 +1,35 @@
+# Compiling Time: 0.11 SBU
+# Maintainer: bouleetbil <bouleet...@frogdev.info>
+
+pkgname=fail2ban
+pkgver=0.8.4
+pkgrel=1
+pkgdesc="Bans IP that make too many password failures"
+depends=('iptables' 'whois')
+groups=('network-extra')
+archs=('i686' 'x86_64')
+_F_sourceforge_subdir="fail2ban-stable"
+_F_sourceforge_ext=".tar.bz2"
+Finclude sourceforge
+source=($source fail2ban-0.8.4-cve2009-5023.patch 
fail2ban-0.8.4-sshd-breakin.patch \
+       fail2ban-0.8.4-hashlib.patch rc.fail2ban)
+sha1sums=('0816a9f8d54013dc9b395284caff3c54f44377d8' \
+          '73cc35b8cc823e0a1d5f84aa1791be329cc38e2d' \
+          'c9780ec64a8e59cee3c74be2863b3816ff6b16e8' \
+          '2385a85135b9040239901d381fb2cec564f7463b' \
+          'e940614b9fd6dcd9f95b4f04da942436a1ce7b05')
+backup=(etc/fail2ban/{fail2ban,jail}.conf)
+
+build() {
+       Fbuild
+       Frcd2
+       # systemd tmpfiles
+       Frm var/run
+       Fmkdir /etc/tmpfiles.d
+        cat > $Fdestdir/etc/tmpfiles.d/fail2ban.conf << EOF
+D /var/run/fail2ban 0755 root root -
+EOF
+
+}
+
+# optimization OK
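Review bot: `/var/run/fail2ban` is created only by the tmpfiles.d entry written in `build()`: `Frm var/run` drops the directory from the package, and the rc.fail2ban added in this commit never creates it. The tmpfile paths relocated by the cve2009-5023 patch and the socket path removed in `rc_start` both live there, so on a boot where tmpfiles.d is not processed the directory would presumably be missing, or get recreated by hand with looser permissions. I would have `rc_start` create it explicitly before starting the client, e.g. `install -d -m 0755 -o root -g root /var/run/fail2ban`. It is also worth quoting `"$Fdestdir"` in the `cat >` redirection.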
diff --git a/source/network-extra/fail2ban/fail2ban-0.8.4-cve2009-5023.patch 
b/source/network-extra/fail2ban/fail2ban-0.8.4-cve2009-5023.patch
new file mode 100644
index 0000000..d1b69a4
--- /dev/null
+++ b/source/network-extra/fail2ban/fail2ban-0.8.4-cve2009-5023.patch
@@ -0,0 +1,45 @@
+Index: config/action.d/mail-buffered.conf
+===================================================================
+--- config/action.d/mail-buffered.conf (revision 766)
++++ config/action.d/mail-buffered.conf (revision 767)
+@@ -81,7 +81,7 @@
+
+ # Default temporary file
+ #
+-tmpfile = /tmp/fail2ban-mail.txt
++tmpfile = /var/run/fail2ban/tmp-mail.txt
+
+ # Destination/Addressee of the mail
+ #
+Index: config/action.d/sendmail-buffered.conf
+===================================================================
+--- config/action.d/sendmail-buffered.conf     (revision 766)
++++ config/action.d/sendmail-buffered.conf     (revision 767)
+@@ -101,5 +101,5 @@
+
+ # Default temporary file
+ #
+-tmpfile = /tmp/fail2ban-mail.txt
++tmpfile = /var/run/fail2ban/tmp-mail.txt
+
+Index: config/action.d/dshield.conf
+===================================================================
+--- config/action.d/dshield.conf       (revision 766)
++++ config/action.d/dshield.conf       (revision 767)
+@@ -206,5 +206,5 @@
+ # Notes.:  Base name of temporary files used for buffering
+ # Values:  [ STRING ]  Default: /tmp/fail2ban-dshield
+ #
+-tmpfile = /tmp/fail2ban-dshield
++tmpfile = /var/run/fail2ban/tmp-dshield
+
+Index: config/action.d/mynetwatchman.conf
+===================================================================
+--- config/action.d/mynetwatchman.conf (revision 766)
++++ config/action.d/mynetwatchman.conf (revision 767)
+@@ -141,4 +141,4 @@
+ # Notes.:  Base name of temporary files
+ # Values:  [ STRING ]  Default: /tmp/fail2ban-mynetwatchman
+ #
+-tmpfile = /tmp/fail2ban-mynetwatchman
++tmpfile = /var/run/fail2ban/tmp-mynetwatchman
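Review bot: The `Default:` comments kept as context in the dshield.conf and mynetwatchman.conf sections still name `/tmp/fail2ban-dshield` and `/tmp/fail2ban-mynetwatchman`, so the shipped documentation keeps pointing administrators at the shared location this patch moves away from. Update them together with the values, e.g. `# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-dshield`. The new file names are still fixed and predictable, so the change only helps while `/var/run/fail2ban` is writable by root alone. A one-line comment above each `tmpfile =` stating that requirement would keep a later edit from pointing it back at a world-writable directory.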
diff --git a/source/network-extra/fail2ban/fail2ban-0.8.4-hashlib.patch 
b/source/network-extra/fail2ban/fail2ban-0.8.4-hashlib.patch
new file mode 100644
index 0000000..4ab90b8
--- /dev/null
+++ b/source/network-extra/fail2ban/fail2ban-0.8.4-hashlib.patch
@@ -0,0 +1,31 @@
+Index: fail2ban-0.8.4/server/filter.py
+===================================================================
+--- fail2ban-0.8.4.orig/server/filter.py
++++ fail2ban-0.8.4/server/filter.py
+@@ -439,7 +439,7 @@ class FileFilter(Filter):
+ # In order to detect log rotation, the hash (MD5) of the first line of the 
file
+ # is computed and compared to the previous hash of this line.
+
+-import md5
++import hashlib
+
+ class FileContainer:
+
+@@ -454,7 +454,7 @@ class FileContainer:
+               try:
+                       firstLine = handler.readline()
+                       # Computes the MD5 of the first line.
+-                      self.__hash = md5.new(firstLine).digest()
++                      self.__hash = hashlib.md5(firstLine).digest()
+                       # Start at the beginning of file if tail mode is off.
+                       if tail:
+                               handler.seek(0, 2)
+@@ -471,7 +471,7 @@ class FileContainer:
+               self.__handler = open(self.__filename)
+               firstLine = self.__handler.readline()
+               # Computes the MD5 of the first line.
+-              myHash = md5.new(firstLine).digest()
++              myHash = hashlib.md5(firstLine).digest()
+               stats = os.fstat(self.__handler.fileno())
+               # Compare hash and inode
+               if self.__hash != myHash or self.__ino != stats.st_ino:
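Review bot: The comments next to the changed lines describe the digest only as "MD5", so a reader auditing for weak hashes cannot tell from this file that it is a log-rotation fingerprint compared alongside the inode, not an integrity check. I would extend the comment above the import, e.g. `# MD5 is only a cheap change detector for the first log line; it is not used for security.` The unconditional `import hashlib` also assumes an interpreter that ships the module; if older Python versions are still a target (not visible here), a `try: import hashlib` / `except ImportError: import md5` fallback would keep them working. Both method bodies continue outside the quoted hunks.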
diff --git a/source/network-extra/fail2ban/fail2ban-0.8.4-sshd-breakin.patch 
b/source/network-extra/fail2ban/fail2ban-0.8.4-sshd-breakin.patch
new file mode 100644
index 0000000..dcfc43f
--- /dev/null
+++ b/source/network-extra/fail2ban/fail2ban-0.8.4-sshd-breakin.patch
@@ -0,0 +1,15 @@
+Index: fail2ban-0.8.4/config/filter.d/sshd.conf
+===================================================================
+--- fail2ban-0.8.4.orig/config/filter.d/sshd.conf
++++ fail2ban-0.8.4/config/filter.d/sshd.conf
+@@ -31,8 +31,8 @@ failregex = ^%(__prefix_line)s(?:error:
+             ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not 
listed in AllowUsers$
+             ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* 
euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+             ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
+-            ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN 
ATTEMPT!*\s*$
+-            ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none 
of user's groups are listed in AllowGroups$
++            ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* 
\[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT\!\s*
++          ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of 
user's groups are listed in AllowGroups$
+
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
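Review bot: The replacement pattern on the first added line drops the trailing `$` anchor and matches the reverse-DNS name with `.*`. That name is supplied by the remote side, and a fail2ban filter is safest when every remote-controlled field is matched narrowly and the line is anchored at both ends. I would write it as `^%(__prefix_line)sreverse mapping checking getaddrinfo for \S+ \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!\s*$`. The old `Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT` pattern is removed rather than kept beside the new one, so those log lines no longer count as failures; please confirm that is intended. The `failregex` value starts above the hunk.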
diff --git a/source/network-extra/fail2ban/rc.fail2ban 
b/source/network-extra/fail2ban/rc.fail2ban
new file mode 100644
index 0000000..2bb0656
--- /dev/null
+++ b/source/network-extra/fail2ban/rc.fail2ban
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# (c) 2011 bouleetbil <bouleet...@frogdev.info>
+# rc.fail2ban for FrugalWare
+# distributed under GPL License
+#
+# chkconfig: 345 92 08
+# description: Fail2ban daemon
+# process name: fail2ban-server
+
+
+source /lib/initscripts/functions
+TEXTDOMAIN=fail2ban
+TEXTDOMAINDIR=/lib/initscripts/messages
+daemon=$"fail2ban daemon"
+
+actions=(start stop)
+
+
+# Check that the config file exists
+[ -f /etc/fail2ban/fail2ban.conf ] || exit 0
+
+FAIL2BAN="/usr/bin/fail2ban-client"
+pid=`ps -eo pid,comm | grep fail2ban- | awk '{ print $1 }'`
+
+
+rc_start() {
+       start_msg
+       if [ -z "$pid" ]; then
+               rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean 
shutdown
+               ${FAIL2BAN} start &> /dev/null
+               ok $?
+       else
+               ok 999
+       fi
+}
+
+rc_stop() {
+       stop_msg
+       if [ -z "$pid" ]; then
+               ok 999
+       else
+               ${FAIL2BAN} stop > /dev/null
+               ok $?
+       fi
+}
+
+rc_exec $1
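Review bot: `pid` comes from `ps -eo pid,comm | grep fail2ban-`, which matches any process of any user whose command name contains `fail2ban-`, including a running `fail2ban-client`. `rc_start` can then take the `ok 999` branch without starting the server and leave the host without banning. Match the daemon exactly and by owner instead, e.g. `pid=$(pgrep -x -u root fail2ban-server)`, and evaluate it inside `rc_start`/`rc_stop` rather than once when the script is loaded. The stale-socket cleanup only needs `rm -f`, not `rm -rf`.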