summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkos Chandras <hwoarang@gentoo.org>2011-12-30 10:18:51 +0000
committerMarkos Chandras <hwoarang@gentoo.org>2011-12-30 10:18:51 +0000
commitc389f75a7dc859d225427cec0f96fb79c3cc9ee6 (patch)
tree08a20f89da630093222c7357b90189b82326a138 /net-analyzer
parentStable for AMD64, wrt security bug #396455 (diff)
downloadgentoo-2-c389f75a7dc859d225427cec0f96fb79c3cc9ee6.tar.gz
gentoo-2-c389f75a7dc859d225427cec0f96fb79c3cc9ee6.tar.bz2
gentoo-2-c389f75a7dc859d225427cec0f96fb79c3cc9ee6.zip
Version bump. Bug #392481
(Portage version: 2.2.0_alpha82/cvs/Linux x86_64)
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/fail2ban/ChangeLog8
-rw-r--r--net-analyzer/fail2ban/fail2ban-0.8.6.ebuild71
-rw-r--r--net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch15
3 files changed, 93 insertions, 1 deletions
diff --git a/net-analyzer/fail2ban/ChangeLog b/net-analyzer/fail2ban/ChangeLog
index 982fcd072528..cdef38ed6ff6 100644
--- a/net-analyzer/fail2ban/ChangeLog
+++ b/net-analyzer/fail2ban/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-analyzer/fail2ban
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.74 2011/12/15 08:50:08 scarabeus Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.75 2011/12/30 10:18:51 hwoarang Exp $
+
+*fail2ban-0.8.6 (30 Dec 2011)
+
+ 30 Dec 2011; Markos Chandras <hwoarang@gentoo.org> +fail2ban-0.8.6.ebuild,
+ +files/fail2ban-0.8.6-sshd-breakin.patch:
+ Version bump. Bug #392481
*fail2ban-0.8.4-r4 (15 Dec 2011)
diff --git a/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild
new file mode 100644
index 000000000000..d46de6b1033c
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.6.ebuild,v 1.1 2011/12/30 10:18:51 hwoarang Exp $
+
+EAPI="3"
+PYTHON_DEPEND="2"
+
+inherit distutils eutils
+
+DESCRIPTION="Bans IP that make too many password failures"
+HOMEPAGE="http://fail2ban.sourceforge.net/"
+SRC_URI="https://github.com/${PN}/${PN}/tarball/${PV} -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="selinux"
+
+DEPEND="selinux? ( sec-policy/selinux-fail2ban )"
+RDEPEND="net-misc/whois
+ virtual/mta
+ net-firewall/iptables
+ selinux? ( sec-policy/selinux-fail2ban )"
+
+S="${WORKDIR}"/${PN}-${PN}-a20d1f8
+
+pkg_setup() {
+ python_set_active_version 2
+ python_pkg_setup
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-sshd-breakin.patch
+ distutils_src_prepare
+}
+
+src_install() {
+ distutils_src_install
+
+ newconfd files/gentoo-confd fail2ban || die
+ newinitd files/gentoo-initd fail2ban || die
+ dodoc ChangeLog README TODO || die "dodoc failed"
+ doman man/*.1 || die "doman failed"
+
+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}-logrotate ${PN} || die
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-0.7"
+ previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+ distutils_pkg_postinst
+
+ if [[ $previous_less_than_0_7 = 0 ]] ; then
+ elog
+ elog "Configuration files are now in /etc/fail2ban/"
+ elog "You probably have to manually update your configuration"
+ elog "files before restarting Fail2ban!"
+ elog
+ elog "Fail2ban is not installed under /usr/lib anymore. The"
+ elog "new location is under /usr/share."
+ elog
+ elog "You are upgrading from version 0.6.x, please see:"
+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+ fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch
new file mode 100644
index 000000000000..508b2d41d33f
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.8.6-sshd-breakin.patch
@@ -0,0 +1,15 @@
+Index: fail2ban-fail2ban-a20d1f8/config/filter.d/sshd.conf
+===================================================================
+--- fail2ban-fail2ban-a20d1f8.orig/config/filter.d/sshd.conf
++++ fail2ban-fail2ban-a20d1f8/config/filter.d/sshd.conf
+@@ -31,8 +31,8 @@ failregex = ^%(__prefix_line)s(?:error:
+ ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers$
+ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
+- ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
+- ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
+
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.