rpm/fail2ban
SHA256
1
0
Fork 0
forked from pool/fail2ban
Code Pull Requests Activity

Accepting request 506342 from security

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/506342
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=49
This commit is contained in:
Dominique Leuenberger 2017-06-27 08:21:50 +00:00 committed by Git OBS Bridge
commit a7deeb333c
3 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
1783.patch Normal file
View File

@ -0,0 +1,50 @@
diff -ur fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf fail2ban-0.9.7/config/filter.d/roundcube-auth.conf
--- fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf 2017-05-11 03:38:57.000000000 +0200
+++ fail2ban-0.9.7/config/filter.d/roundcube-auth.conf 2017-06-26 16:57:15.171337942 +0200
@@ -7,16 +7,30 @@
# The logpath in your jail can be updated to userlogins if you wish
#
+
+[Definition]
+# Fail2Ban configuration file for roundcube web server authentication failures
+#
+# When you enable systemd-logging, this filter needs "$config['log_driver']" set
+# to "syslog" in the roundcube configuration
+#
+
[INCLUDES]
before = common.conf
[Definition]
-failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
- ^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$
+prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?:
+
+failregex = %(prefregex)s (?:FAILED login|Login failed) for (?P<user>.*) from <HOST>(\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$
+ %(prefregex)s (?:<[\w]+> )?Failed login for (?P<user>.*) from <HOST> in session \w+( \(error: \d\))?$
+
+ignoreregex =
+
+[Init]
+journalmatch = SYSLOG_IDENTIFIER=roundcube
-ignoreregex =
# DEV Notes:
#
# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
diff -ur fail2ban-0.9.7-orig/config/jail.conf fail2ban-0.9.7/config/jail.conf
--- fail2ban-0.9.7-orig/config/jail.conf 2017-05-11 03:38:57.000000000 +0200
+++ fail2ban-0.9.7/config/jail.conf 2017-06-26 10:37:10.200062390 +0200
@@ -379,7 +379,8 @@
port = http,https
logpath = %(roundcube_errors_log)s
-
+# Use following line in your jail.local if roundcube logs to journal.
+#backend = %(syslog_backend)s
[openwebmail]

6
fail2ban.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jun 26 07:23:57 UTC 2017 - jweberhofer@weberhofer.at
- added 1783.patch from upstream: "Updated roundcube authentication filter"
- use tmpfiles_create macro
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 15 12:11:23 UTC 2017 - jweberhofer@weberhofer.at Mon May 15 12:11:23 UTC 2017 - jweberhofer@weberhofer.at

9
fail2ban.spec
View File

@ -16,6 +16,7 @@
# #
%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
Name: fail2ban Name: fail2ban
Version: 0.9.7 Version: 0.9.7
Release: 0 Release: 0
@ -39,6 +40,8 @@ Patch100: %{name}-opensuse-locations.patch
Patch101: %{name}-opensuse-service.patch Patch101: %{name}-opensuse-service.patch
# PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberhofer@weberhofer.at -- Postfix RBL: 554 & SMTP # PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberhofer@weberhofer.at -- Postfix RBL: 554 & SMTP
Patch102: 607568f.patch Patch102: 607568f.patch
# PATCH-UPSTREAM 1783.patch jweberhofer@weberhofer.at -- Updated roundcube authentication filter
Patch103: 1783.patch
# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
Patch200: %{name}-disable-iptables-w-option.patch Patch200: %{name}-disable-iptables-w-option.patch
BuildRequires: fdupes BuildRequires: fdupes
@ -119,9 +122,13 @@ install -m644 %{SOURCE8} config/paths-opensuse.conf
# Use openSUSE paths # Use openSUSE paths
sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
# Remove shebang
sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
%patch100 %patch100
%patch101 %patch101
%patch102 -p1 %patch102 -p1
%patch103 -p1
%if 0%{?suse_version} < 1310 %if 0%{?suse_version} < 1310
%patch200 -p1 %patch200 -p1
%endif %endif
@ -224,7 +231,7 @@ export LANG=en_US.UTF-8
%post %post
%fillup_only %fillup_only
%if 0%{?suse_version} >= 1230 %if 0%{?suse_version} >= 1230
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf %tmpfiles_create %{_tmpfilesdir}/%{name}.conf
# The next line is not workin in Leap 42.1, so keep the old way # The next line is not workin in Leap 42.1, so keep the old way
#%%tmpfiles_create %%{_tmpfilesdir}/%%{name}.conf #%%tmpfiles_create %%{_tmpfilesdir}/%%{name}.conf
%service_add_post %{name}.service %service_add_post %{name}.service