rpm/fail2ban
SHA256
1
0
Fork 0
forked from pool/fail2ban
Code Pull Requests Activity

Accepting request 495373 from home:weberho:branches:security

Browse Source 
- Update to 0.9.7
- fixes for bnc#1036928

OBS-URL: https://build.opensuse.org/request/show/495373
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=79
This commit is contained in:
Johannes Weberhofer 2017-05-16 14:44:12 +00:00 committed by Git OBS Bridge
parent 7b81f19e35
commit 2109aac4ea
5 changed files with 92 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
607568f.patch Normal file
View File

@ -0,0 +1,34 @@
From 607568f5da9e6b962c43d59280d72bd678c08afa Mon Sep 17 00:00:00 2001
From: Filippo Tessarotto <zoeslam@gmail.com>
Date: Tue, 7 Feb 2017 12:58:04 +0100
Subject: [PATCH] Postfix RBL: 554 & SMTP
---
config/filter.d/postfix-rbl.conf | 2 +-
fail2ban/tests/files/logs/postfix-rbl | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/filter.d/postfix-rbl.conf b/config/filter.d/postfix-rbl.conf
index c3f8c33..0a9078f 100644
--- a/config/filter.d/postfix-rbl.conf
+++ b/config/filter.d/postfix-rbl.conf
@@ -12,7 +12,7 @@ before = common.conf
_daemon = postfix(-\w+)?/smtpd
-failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
+failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked\b
ignoreregex =
diff --git a/fail2ban/tests/files/logs/postfix-rbl b/fail2ban/tests/files/logs/postfix-rbl
index eff01bf..6aeac03 100644
--- a/fail2ban/tests/files/logs/postfix-rbl
+++ b/fail2ban/tests/files/logs/postfix-rbl
@@ -3,3 +3,6 @@ Dec 30 18:19:15 xxx postfix/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.examp
# failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" }
Dec 30 18:19:15 xxx postfix-incoming/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from=<spammer@example.com> to=<goodguy@example.com> proto=ESMTP helo=<badguy.example.com>
+
+# failJSON: { "time": "2005-02-07T12:25:45", "match": true , "host": "87.236.233.182" }
+Feb 7 12:25:45 xxx12345 postfix/smtpd[13275]: NOQUEUE: reject: RCPT from unknown[87.236.233.182]: 554 5.7.1 Service unavailable; Client host [87.236.233.182] blocked using rbl.example.com; https://www.example.com/query/ip/87.236.233.182; from=<spammer@example.com> to=<goodguy@example.com> proto=SMTP helo=<WIN-5N8GBBS0R5I>

3
fail2ban-0.9.6.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1712e4eda469513fb2f44951957a4159e0fa62cb9da16ed48e7f4f4037f0b976
size 352125

3
fail2ban-0.9.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2817eb0d4f670bef2a79a5a9cfb824b41a4445f5a92a307a453ac95f497c7440
size 356374

49
fail2ban.changes
View File

@ -1,3 +1,52 @@
-------------------------------------------------------------------
Mon May 15 12:11:23 UTC 2017 - jweberhofer@weberhofer.at
- added 607568f.patch from upstream: "Postfix RBL: 554 & SMTP"
this fixes bnc#1036928 " fail2ban-rbl regex incorrect, takes no
action as a result"
- Update to 0.9.7
* Fixed a systemd-journal handling in fail2ban-regex
(gh#fail2ban/fail2ban#1657)
* filter.d/sshd.conf
- Fixed non-anchored part of failregex (misleading match of colon inside
IPv6 address instead of `: ` in the reason-part by missing space,
gh#fail2ban/fail2ban#1658)
(0.10th resp. IPv6 relevant only, amend for gh#fail2ban/fail2ban#1479)
* config/pathes-freebsd.conf
- Fixed filenames for apache and nginx log files (gh#fail2ban/fail2ban#1667)
* filter.d/exim.conf
- optional part `(...)` after host-name before `[IP]`
(gh#fail2ban/fail2ban#1751)
- new reason "Unrouteable address" for "rejected RCPT" regex
(gh#fail2ban/fail2ban#1762)
- match of complex time like `D=2m42s` in regex "no MAIL in SMTP
connection" (gh#fail2ban/fail2ban#1766)
* filter.d/sshd.conf
- new aggressive rules (gh#fail2ban/fail2ban#864):
- Connection reset by peer (multi-line rule during authorization process)
- No supported authentication methods available
- single line and multi-line expression optimized, added optional prefixes
and suffix (logged from several ssh versions), according
to gh#fail2ban/fail2ban#1206;
- fixed expression received disconnect auth fail (optional space after port
part, gh#fail2ban/fail2ban#1652)
and suffix (logged from several ssh versions), according to gh#fail2ban/fail2ban#1206;
* filter.d/suhosin.conf
- greedy catch-all before `<HOST>` fixed (potential vulnerability)
* filter.d/cyrus-imap.conf
- accept entries without login-info resp. hostname before IP address (#fail2ban/fail2ban#707)
* Filter tests extended with check of all config-regexp, that contains greedy catch-all
before `<HOST>`, that is hard-anchored at end or precise sub expression after `<HOST>`
* New Actions:
- action.d/netscaler: Block IPs on a Citrix Netscaler ADC (gh#fail2ban/fail2ban#1663)
* New Filters:
- filter.d/domino-smtp: IBM Domino SMTP task (gh#fail2ban/fail2ban#1603)
* Introduced new log-level `MSG` (as INFO-2, equivalent to 18)
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Mar 5 12:56:10 UTC 2017 - wagner-thomas@gmx.at Sun Mar 5 12:56:10 UTC 2017 - wagner-thomas@gmx.at

9
fail2ban.spec
View File

@ -17,7 +17,7 @@
Name: fail2ban Name: fail2ban
Version: 0.9.6 Version: 0.9.7
Release: 0 Release: 0
Summary: Bans IP addresses that make too many authentication failures Summary: Bans IP addresses that make too many authentication failures
License: GPL-2.0+ License: GPL-2.0+
@ -37,6 +37,8 @@ Source200: %{name}-rpmlintrc
Patch100: %{name}-opensuse-locations.patch Patch100: %{name}-opensuse-locations.patch
# PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file
Patch101: %{name}-opensuse-service.patch Patch101: %{name}-opensuse-service.patch
# PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberhofer@weberhofer.at -- Postfix RBL: 554 & SMTP
Patch102: 607568f.patch
# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
Patch200: %{name}-disable-iptables-w-option.patch Patch200: %{name}-disable-iptables-w-option.patch
BuildRequires: fdupes BuildRequires: fdupes
@ -97,8 +99,8 @@ reason, i.e. SFW will always run first because it does a table flush.
%define nagios_plugindir %{_libexecdir}/nagios/plugins %define nagios_plugindir %{_libexecdir}/nagios/plugins
Summary: Check fail2ban server and how many IPs are currently banned Summary: Check fail2ban server and how many IPs are currently banned
Group: System/Monitoring Group: System/Monitoring
Provides: nagios-plugins-%{name}=%{version} Provides: nagios-plugins-%{name} = %{version}
Obsoletes: nagios-plugins-%{name}<%{version} Obsoletes: nagios-plugins-%{name} < %{version}
%description -n monitoring-plugins-%{name} %description -n monitoring-plugins-%{name}
This plugin checks if the fail2ban server is running and how many IPs are This plugin checks if the fail2ban server is running and how many IPs are
@ -119,6 +121,7 @@ sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
%patch100 %patch100
%patch101 %patch101
%patch102 -p1
%if 0%{?suse_version} < 1310 %if 0%{?suse_version} < 1310
%patch200 -p1 %patch200 -p1
%endif %endif