[106071] trunk/dports/security/fail2ban
ryandesign at macports.org
ryandesign at macports.org
Tue May 14 03:50:58 PDT 2013
Revision: 106071
https://trac.macports.org/changeset/106071
Author: ryandesign at macports.org
Date: 2013-05-14 03:50:58 -0700 (Tue, 14 May 2013)
Log Message:
-----------
fail2ban: maintainer update to 0.8.8; add pf/icefloor action; fix livecheck (#38961)
Modified Paths:
--------------
trunk/dports/security/fail2ban/Portfile
trunk/dports/security/fail2ban/files/patch-fail2ban-client.diff
trunk/dports/security/fail2ban/files/patch-fail2ban-regex.diff
trunk/dports/security/fail2ban/files/patch-fail2ban-server.diff
trunk/dports/security/fail2ban/files/patch-setup.py.diff
Added Paths:
-----------
trunk/dports/security/fail2ban/files/patch-config-jail.conf.diff
trunk/dports/security/fail2ban/files/pf-icefloor.conf
Modified: trunk/dports/security/fail2ban/Portfile
===================================================================
--- trunk/dports/security/fail2ban/Portfile 2013-05-14 10:29:57 UTC (rev 106070)
+++ trunk/dports/security/fail2ban/Portfile 2013-05-14 10:50:58 UTC (rev 106071)
@@ -5,8 +5,7 @@
PortGroup github 1.0
PortGroup python27 1.0
-github.setup fail2ban fail2ban 0.8.7.1
-revision 1
+github.setup fail2ban fail2ban 0.8.8
categories security python
license GPL-2+
maintainers free.fr:fclaire openmaintainer
@@ -24,14 +23,14 @@
or ejecting CD-ROM tray) could also be configured. Out of the box \
Fail2Ban comes with filters for various services (apache, curier, ssh, etc).
-checksums rmd160 fe995a047e373e24474b11b842332b0cfe96f6b1 \
- sha256 2804a789347b1274e343a33fcca659b37d40bb5f99e77546997c96a425f6fc9b
+checksums rmd160 9f50cc84d77e47e378da71860e738528f39f7c42 \
+ sha256 5b020aaa2316dc4348a1489187db2cb124c4cf2a13f84aed7064fc5bc948a8ab
set f2bconfdir ${prefix}/etc/${name}
set f2bbindir ${prefix}/bin
-set f2brundir ${prefix}/var/run/fail2ban
-set f2bsock ${f2brundir}/fail2ban.sock
-set f2bpid ${f2brundir}/fail2ban.pid
+set f2brundir ${prefix}/var/run/${name}
+set f2bsock ${f2brundir}/${name}.sock
+set f2bpid ${f2brundir}/${name}.pid
python.link_binaries_suffix
@@ -41,6 +40,7 @@
patch-fail2ban-regex.diff \
patch-fail2ban-server.diff \
patch-config-fail2ban.conf.diff \
+ patch-config-jail.conf.diff \
patch-client-csocket.py.diff \
patch-server-server.py.diff
@@ -62,6 +62,8 @@
destroot.keepdirs ${destroot}${f2brundir}
post-destroot {
+ # Adding dedicated OSX pf-icefloor action file
+ xinstall -m 644 ${filespath}/pf-icefloor.conf ${destroot}${f2bconfdir}/action.d/
# Adding a suffix to config files
set cfgfiles [concat [glob ${destroot}${f2bconfdir}/*.conf] [glob ${destroot}${f2bconfdir}/action.d/*.conf] [glob ${destroot}${f2bconfdir}/filter.d/*.conf]]
foreach cfgfile ${cfgfiles} {
@@ -79,3 +81,6 @@
}
}
}
+
+livecheck.url ${github.raw}/master/ChangeLog
+livecheck.regex "ver\. *(\[0-9\.\]+).*stable"
Added: trunk/dports/security/fail2ban/files/patch-config-jail.conf.diff
===================================================================
--- trunk/dports/security/fail2ban/files/patch-config-jail.conf.diff (rev 0)
+++ trunk/dports/security/fail2ban/files/patch-config-jail.conf.diff 2013-05-14 10:50:58 UTC (rev 106071)
@@ -0,0 +1,21 @@
+--- config/jail.conf.orig 2013-02-20 06:00:19.000000000 +0100
++++ config/jail.conf 2013-02-20 06:07:15.000000000 +0100
+@@ -226,6 +226,18 @@
+ logpath = /var/log/auth.log
+ ignoreip = 168.192.0.1
+
++# This jail uses pf, the standard firewall of Mac OS X (>=10.7). It uses
++# the table called "bruteforce" in the IceFloor firewall main anchor.
++# To be used with icefloor: http://www.hanynet.com/icefloor/
++
++[ssh-pf]
++
++enabled = false
++filter = sshd
++action = pf-icefloor
++ sendmail-whois[name="SSH,PF", dest=you at example.com]
++logpath = /var/log/system.log
++
+ # These jails block attacks against named (bind9). By default, logging is off
+ # with bind9 installation. You will need something like this:
+ #
Modified: trunk/dports/security/fail2ban/files/patch-fail2ban-client.diff
===================================================================
--- trunk/dports/security/fail2ban/files/patch-fail2ban-client.diff 2013-05-14 10:29:57 UTC (rev 106070)
+++ trunk/dports/security/fail2ban/files/patch-fail2ban-client.diff 2013-05-14 10:50:58 UTC (rev 106071)
@@ -1,15 +1,26 @@
---- fail2ban-client.orig 2012-04-26 10:59:30.000000000 +0200
-+++ fail2ban-client 2012-04-26 11:27:03.000000000 +0200
-@@ -33,7 +33,7 @@
+--- fail2ban-client.orig 2013-02-18 17:09:05.000000000 +0100
++++ fail2ban-client 2013-02-19 19:55:57.000000000 +0100
+@@ -26,13 +26,14 @@
+ import getopt, time, shlex, socket
# Inserts our own modules path first in the list
- # fix for bug #343821
--sys.path.insert(1, "/usr/share/fail2ban")
-+sys.path.insert(1, "@@PREFIX@@/share/fail2ban")
+-# fix for bug #343821
+-if os.path.abspath(__file__).startswith('/usr/'):
+- # makes sense to use system-wide library iff -client is also under /usr/
+- sys.path.insert(1, "/usr/share/fail2ban")
++# Camusensei issue #112 - https://github.com/fail2ban/fail2ban/issues/112
++try:
++ from common.version import version
++except ImportError, e:
++ sys.path.insert(1, "@@PREFIX@@/share/fail2ban")
++ from common.version import version
# Now we can import our modules
- from common.version import version
-@@ -59,7 +59,7 @@
+-from common.version import version
+ from common.protocol import printFormatted
+ from client.csocket import CSocket
+ from client.configurator import Configurator
+@@ -55,7 +56,7 @@
self.__stream = None
self.__configurator = Configurator()
self.__conf = dict()
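Review bot: The new `try: from common.version import version` in the fail2ban-client patch runs before the port's module directory is on `sys.path`, so any other importable package named `common` (next to the script or in site-packages) is preferred over the installed fail2ban modules. The `@@PREFIX@@/share/fail2ban` path is only added when that first import fails, so the later `from common.protocol` and `from client.csocket` imports depend on what was found first. For a tool that is typically run with root privileges it is safer to pin the module source by keeping the insert unconditional and ahead of every import: `sys.path.insert(1, "@@PREFIX@@/share/fail2ban")`. The fail2ban-server patch in this commit uses the same try/except ordering, and `e` in `except ImportError, e:` is unused. The rest of the patch file's second inner hunk lies outside this hunk.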
Modified: trunk/dports/security/fail2ban/files/patch-fail2ban-regex.diff
===================================================================
--- trunk/dports/security/fail2ban/files/patch-fail2ban-regex.diff 2013-05-14 10:29:57 UTC (rev 106070)
+++ trunk/dports/security/fail2ban/files/patch-fail2ban-regex.diff 2013-05-14 10:50:58 UTC (rev 106071)
@@ -1,15 +1,15 @@
---- fail2ban-regex.orig 2012-04-26 11:00:35.000000000 +0200
-+++ fail2ban-regex 2012-04-26 11:27:19.000000000 +0200
-@@ -29,7 +29,7 @@
-
- # Inserts our own modules path first in the list
+--- fail2ban-regex.orig 2013-02-19 16:30:48.000000000 +0100
++++ fail2ban-regex 2013-02-19 19:37:00.000000000 +0100
+@@ -25,7 +25,7 @@
# fix for bug #343821
--sys.path.insert(1, "/usr/share/fail2ban")
-+sys.path.insert(1, "@@PREFIX@@/share/fail2ban")
+ if os.path.abspath(__file__).startswith('/usr/'):
+ # makes sense to use system-wide library iff -regex is also under /usr/
+- sys.path.insert(1, "/usr/share/fail2ban")
++ sys.path.insert(1, "@@PREFIX@@/share/fail2ban")
from client.configparserinc import SafeConfigParserWithIncludes
from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
-@@ -66,7 +66,7 @@
+@@ -62,7 +62,7 @@
test = None
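Review bot: The rewritten fail2ban-regex patch keeps upstream's guard `if os.path.abspath(__file__).startswith('/usr/'):` as context and only changes the path inside it. When the port is installed under a prefix outside `/usr/`, the substituted `sys.path.insert(1, "@@PREFIX@@/share/fail2ban")` line therefore presumably never runs. The script would then import `client.configparserinc` from whatever else is on `sys.path`, or fail outright. The patch should also rewrite the guard, for example `if os.path.abspath(__file__).startswith('@@PREFIX@@/'):`, or drop it and insert unconditionally as the previous revision of this patch did. The remainder of the patch file lies outside this hunk.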
Modified: trunk/dports/security/fail2ban/files/patch-fail2ban-server.diff
===================================================================
--- trunk/dports/security/fail2ban/files/patch-fail2ban-server.diff 2013-05-14 10:29:57 UTC (rev 106070)
+++ trunk/dports/security/fail2ban/files/patch-fail2ban-server.diff 2013-05-14 10:50:58 UTC (rev 106071)
@@ -1,15 +1,25 @@
---- fail2ban-server.orig 2012-04-26 11:02:58.000000000 +0200
-+++ fail2ban-server 2012-04-26 13:11:25.000000000 +0200
-@@ -32,7 +32,7 @@
+--- fail2ban-server.orig 2013-02-19 16:39:38.000000000 +0100
++++ fail2ban-server 2013-02-19 20:23:45.000000000 +0100
+@@ -25,12 +25,13 @@
+ import getopt, sys, logging, os
# Inserts our own modules path first in the list
- # fix for bug #343821
--sys.path.insert(1, "/usr/share/fail2ban")
-+sys.path.insert(1, "@@PREFIX@@/share/fail2ban")
+-# fix for bug #343821
+-if os.path.abspath(__file__).startswith('/usr/'):
+- # makes sense to use system-wide library iff -server is also under /usr/
+- sys.path.insert(1, "/usr/share/fail2ban")
++# Camusensei issue #112 - https://github.com/fail2ban/fail2ban/issues/112
++try:
++ from common.version import version
++except ImportError, e:
++ sys.path.insert(1, "/opt/local/share/fail2ban")
++ from common.version import version
- from common.version import version
+-from common.version import version
from server.server import Server
-@@ -56,7 +56,7 @@
+
+ # Gets the instance of the logger.
+@@ -52,7 +53,7 @@
self.__conf = dict()
self.__conf["background"] = True
self.__conf["force"] = False
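Review bot: The fallback path in the fail2ban-server patch is hard-coded as `"/opt/local/share/fail2ban"`, while the client and regex patches in this commit use the `@@PREFIX@@` placeholder. If the Portfile substitutes that placeholder at build time (the substitution step is not visible here), a non-default prefix leaves the server pointing at a directory outside its own installation. That directory may not exist, or may be owned by a different user than the one who installed the port, which is undesirable for a daemon that loads Python modules from it. The added line should read `sys.path.insert(1, "@@PREFIX@@/share/fail2ban")`. The remainder of the patch file lies outside this hunk.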
Modified: trunk/dports/security/fail2ban/files/patch-setup.py.diff
===================================================================
--- trunk/dports/security/fail2ban/files/patch-setup.py.diff 2013-05-14 10:29:57 UTC (rev 106070)
+++ trunk/dports/security/fail2ban/files/patch-setup.py.diff 2013-05-14 10:50:58 UTC (rev 106071)
@@ -1,6 +1,6 @@
---- setup.py.orig 2012-04-26 10:26:02.000000000 +0200
-+++ setup.py 2012-04-26 11:06:43.000000000 +0200
-@@ -62,16 +62,16 @@
+--- setup.py.orig 2013-02-19 16:35:30.000000000 +0100
++++ setup.py 2013-04-30 08:46:35.000000000 +0200
+@@ -56,16 +56,16 @@
'server'
],
data_files = [
@@ -21,7 +21,7 @@
''
)
]
-@@ -81,21 +81,21 @@
+@@ -75,21 +75,21 @@
# Search for obsolete files.
obsoleteFiles = []
elements = {
@@ -47,7 +47,22 @@
[
"version.py",
"protocol.py"
-@@ -129,5 +129,5 @@
+@@ -112,16 +112,16 @@
+ print "\t" + f
+ print
+
+-if isdir("/usr/lib/fail2ban"):
++if isdir("@@PREFIX@@/lib/fail2ban"):
+ print
+- print "Fail2ban is not installed under /usr/lib anymore. The new " \
+- "location is under /usr/share. Please remove the directory " \
+- "/usr/lib/fail2ban and everything under this directory."
++ print "Fail2ban is not installed under @@PREFIX@@/lib anymore. The new " \
++ "location is under @@PREFIX@@/share. Please remove the directory " \
++ "@@PREFIX@@/lib/fail2ban and everything under this directory."
+ print
+
+ # Update config file
if argv[1] == "install":
print
print "Please do not forget to update your configuration files."
Added: trunk/dports/security/fail2ban/files/pf-icefloor.conf
===================================================================
--- trunk/dports/security/fail2ban/files/pf-icefloor.conf (rev 0)
+++ trunk/dports/security/fail2ban/files/pf-icefloor.conf 2013-05-14 10:50:58 UTC (rev 106071)
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Francois Claire
+# Modified by:
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+# Adds the IP address to the IceFloor firewall "bruteforce" table
+# and kills an already established connection from this IP
+actionban = /sbin/pfctl -a <anchor> -t <pftable> -T add <ip> && /sbin/pfctl -k <ip>
+
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = /sbin/pfctl -a <anchor> -t <pftable> -T delete <ip>
+
+
+[Init]
+
+# Option: anchor
+# Notes.: specifies pf anchor. We use IceFloor's main anchor
+# Values: STRING
+#
+anchor = 800.icefloor
+
+# Option: pftable
+# Notes.: the table used to block IPs. We use IceFloor's bruteforce table.
+# Values: STRING
+#
+pftable = bruteforce
+
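Review bot: `actioncheck` is left empty, so fail2ban cannot notice when the `<anchor>`/`<pftable>` pair is not part of the running pf ruleset, for instance when IceFloor is not installed or its rules are not loaded. In that case `pfctl -T add` may still succeed against a table that no rule references, and the jail would log bans that block nothing. A check along the lines of `actioncheck = /sbin/pfctl -a <anchor> -t <pftable> -T show > /dev/null` would surface this (its exit status should be confirmed on the supported OS X releases). The file header should also state the two prerequisites: `# Requires root (pfctl) and an IceFloor ruleset that already defines the anchor and table below`.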