forked from pool/fail2ban
Accepting request 506342 from security
1 OBS-URL: https://build.opensuse.org/request/show/506342 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=49
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
a7deeb333c
50
1783.patch
Normal file
50
1783.patch
Normal file
@ -0,0 +1,50 @@
|
||||
diff -ur fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf fail2ban-0.9.7/config/filter.d/roundcube-auth.conf
|
||||
--- fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf 2017-05-11 03:38:57.000000000 +0200
|
||||
+++ fail2ban-0.9.7/config/filter.d/roundcube-auth.conf 2017-06-26 16:57:15.171337942 +0200
|
||||
@@ -7,16 +7,30 @@
|
||||
# The logpath in your jail can be updated to userlogins if you wish
|
||||
#
|
||||
|
||||
+
|
||||
+[Definition]
|
||||
+# Fail2Ban configuration file for roundcube web server authentication failures
|
||||
+#
|
||||
+# When you enable systemd-logging, this filter needs "$config['log_driver']" set
|
||||
+# to "syslog" in the roundcube configuration
|
||||
+#
|
||||
+
|
||||
[INCLUDES]
|
||||
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
-failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
|
||||
- ^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$
|
||||
+prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?:
|
||||
+
|
||||
+failregex = %(prefregex)s (?:FAILED login|Login failed) for (?P<user>.*) from <HOST>(\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$
|
||||
+ %(prefregex)s (?:<[\w]+> )?Failed login for (?P<user>.*) from <HOST> in session \w+( \(error: \d\))?$
|
||||
+
|
||||
+ignoreregex =
|
||||
+
|
||||
+[Init]
|
||||
+journalmatch = SYSLOG_IDENTIFIER=roundcube
|
||||
|
||||
-ignoreregex =
|
||||
# DEV Notes:
|
||||
#
|
||||
# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
|
||||
diff -ur fail2ban-0.9.7-orig/config/jail.conf fail2ban-0.9.7/config/jail.conf
|
||||
--- fail2ban-0.9.7-orig/config/jail.conf 2017-05-11 03:38:57.000000000 +0200
|
||||
+++ fail2ban-0.9.7/config/jail.conf 2017-06-26 10:37:10.200062390 +0200
|
||||
@@ -379,7 +379,8 @@
|
||||
|
||||
port = http,https
|
||||
logpath = %(roundcube_errors_log)s
|
||||
-
|
||||
+# Use following line in your jail.local if roundcube logs to journal.
|
||||
+#backend = %(syslog_backend)s
|
||||
|
||||
[openwebmail]
|
||||
|
||||
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 26 07:23:57 UTC 2017 - jweberhofer@weberhofer.at
|
||||
|
||||
- added 1783.patch from upstream: "Updated roundcube authentication filter"
|
||||
- use tmpfiles_create macro
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 15 12:11:23 UTC 2017 - jweberhofer@weberhofer.at
|
||||
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
#
|
||||
|
||||
|
||||
%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
|
||||
Name: fail2ban
|
||||
Version: 0.9.7
|
||||
Release: 0
|
||||
@ -39,6 +40,8 @@ Patch100: %{name}-opensuse-locations.patch
|
||||
Patch101: %{name}-opensuse-service.patch
|
||||
# PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberhofer@weberhofer.at -- Postfix RBL: 554 & SMTP
|
||||
Patch102: 607568f.patch
|
||||
# PATCH-UPSTREAM 1783.patch jweberhofer@weberhofer.at -- Updated roundcube authentication filter
|
||||
Patch103: 1783.patch
|
||||
# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
|
||||
Patch200: %{name}-disable-iptables-w-option.patch
|
||||
BuildRequires: fdupes
|
||||
@ -119,9 +122,13 @@ install -m644 %{SOURCE8} config/paths-opensuse.conf
|
||||
# Use openSUSE paths
|
||||
sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
|
||||
|
||||
# Remove shebang
|
||||
sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
|
||||
|
||||
%patch100
|
||||
%patch101
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%if 0%{?suse_version} < 1310
|
||||
%patch200 -p1
|
||||
%endif
|
||||
@ -224,7 +231,7 @@ export LANG=en_US.UTF-8
|
||||
%post
|
||||
%fillup_only
|
||||
%if 0%{?suse_version} >= 1230
|
||||
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf
|
||||
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
|
||||
# The next line is not workin in Leap 42.1, so keep the old way
|
||||
#%%tmpfiles_create %%{_tmpfilesdir}/%%{name}.conf
|
||||
%service_add_post %{name}.service
|
||||
|
||||
Loading…
Reference in New Issue
Block a user