./security/fail2ban, Scans log files and bans IP that makes too many password failures

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.9.6nb1, Package name: fail2ban-0.9.6nb1, Maintainer: nils

Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too many password failures. It updates firewall
rules to reject the IP address. Theses rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.

Required to run:
[databases/py-sqlite3] [lang/python37]

Required to build:
[textproc/py-sphinx] [textproc/py-numpydoc] [pkgtools/cwrappers]

Master sites:

SHA1: 1f0bf1bdc8949f58f8b735c3806822ffa221e15f
RMD160: 63e2843a0c176768963413bcf38fbf34335d4ddd
Filesize: 533.942 KB

Version history: (Expand)

CVS history: (Expand)

   2019-10-22 00:15:11 by Adam Ciarcinski | Files touched by this commit (10)
Log message:
Fix sphinx-build binary name
   2019-10-21 23:55:04 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Switch sphinx to versioned deps.
   2019-04-25 09:33:32 by Maya Rashish | Files touched by this commit (620)
Log message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.
   2018-12-09 22:05:37 by Adam Ciarcinski | Files touched by this commit (53)
Log message:
Removed commented-out PKGREVISIONs
   2017-03-16 22:08:35 by Maya Rashish | Files touched by this commit (1)
Log message:
fail2ban: fix build on linux and others

having an empty SUBST_SED returns usage and a non-zero exit value and
the build doesn't continue.
   2017-02-02 19:35:56 by Nils Ratusznik | Files touched by this commit (3) | Package updated
Log message:
Updated security/fail2ban to 0.9.6.

Upstream changelog :
* Misleading add resp. enable of (already available) jail in database, that
  induced a subsequent error: last position of log file will be never retrieved \ 
* Fixed a distribution related bug within testReadStockJailConfForceEnabled
  (e.g. test-cases faults on Fedora, see gh-1353)
* Fixed pythonic filters and test scripts (running via wrong python version,
  uses "fail2ban-python" now);
* Fixed test case "testSetupInstallRoot" for not default python \ 
version (also
  using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see \ 
* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
* Monit config: scripting is not supported in path (gh-1556)
* `filter.d/apache-modsecurity.conf`
    - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
      replaced for safer match, unneeded catch-all anchoring removed, non-capturing
* `filter.d/asterisk.conf`
    - Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/dovecot.conf`
    - Fixed failregex ignores failures through some not relevant info (gh-1623)
* `filter.d/ignorecommands/apache-fakegooglebot`
    - Fixed error within apache-fakegooglebot, that will be called
      with wrong python version (gh-1506)
* `filter.d/assp.conf`
    - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
* `filter.d/postfix-sasl.conf`
    - Allow for having no trailing space after 'failed:' (gh-1497)
* `filter.d/vsftpd.conf`
    - Optional reason part in message after FAIL LOGIN (gh-1543)
* `filter.d/sendmail-reject.conf`
    - removed mandatory double space (if dns-host available, gh-1579)
* filter.d/sshd.conf
    - recognized "Failed publickey for" (gh-1477);
    - optimized failregex to match all of "Failed any-method for ... from \ 
<HOST>" (gh-1479)
    - eliminated possible complex injections (on user-name resp. auth-info, see \ 
    - optional port part after host (see gh-1533, gh-1581)

* New Actions:
    - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
* New Filters:
    - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database \ 
      (gh-1586, gh-1606 and gh-1607)

* DateTemplate regexp extended with the word-end boundary, additionally to
  word-start boundary
* Introduces new command "fail2ban-python", as automatically created \ 
symlink to
  python executable, where fail2ban currently installed (resp. its modules are \ 
    - allows to use the same version, fail2ban currently running, e.g. in
      external scripts just via replace python with fail2ban-python:
      -#!/usr/bin/env python
      +#!/usr/bin/env fail2ban-python
    - always the same pickle protocol
    - the same (and also guaranteed available) fail2ban modules
    - simplified stand-alone install, resp. stand-alone installation possibility
      via setup (like gh-1487) is getting closer
* Several test cases rewritten using new methods assertIn, assertNotIn
* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
  Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
  are test covered now
* Jail configuration extended with new syntax to pass options to the backend \ 
(see gh-1408),
    - `backend = systemd[journalpath=/run/log/journal/machine-1]`
    - `backend = \ 
systemd[journalfiles="/run/log/journal/machine-1/system.journal, \ 
    - `backend = systemd[journalflags=2]`
   2016-12-04 22:02:55 by Nils Ratusznik | Files touched by this commit (3) | Package updated
Log message:
Updated security/fail2ban to 0.9.5.
Changelog from 0.9.3 and 0.9.4 is quite long. Expect new and improved
jails, actions and filter. Details are here :
- https://github.com/fail2ban/fail2ban/releases/tag/0.9.4
- https://github.com/fail2ban/fail2ban/releases/tag/0.9.5

Pkgsrc changes are :
- added man pages (fail2ban-testcases.1 fail2ban.1)
- added and reorderd filters, actions, and documentation files
- minor edits to please pkglint
   2015-11-27 16:41:48 by Nils Ratusznik | Files touched by this commit (3) | Package updated
Log message:
Updated to 0.9.3.
Some of the upstream changes for 0.9.2 :
- various typo in config files
- filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to
  ignore system authentication issues
- some fixes for EL7
New features :
- New filters:
  - postfix-rbl
  - apache-fakegooglebot.conf
  - nginx-botsearch
  - drupal-auth
- New actions:
  - action.d/firewallcmd-multiport and action.d/firewallcmd-allports
  - action.d/sendmail-geoip-lines.conf
  - action.d/nsupdate to update DNSBL
- New status argument for fail2ban-client
Some of the upstream changes for 0.9.3 :
- IMPORTANT incompatible changes:
* filter.d/roundcube-auth.conf
     - Changed logpath to 'errors' log (was 'userlogins')
   * action.d/iptables-common.conf
     - All calls to iptables command now use -w switch introduced in
       iptables 1.4.20 (some distribution could have patched their
       earlier base version as well) to provide this locking mechanism
       useful under heavy load to avoid contesting on iptables calls.
       If you need to disable, define 'action.d/iptables-common.local'
       with empty value for 'lockingopt' in `[Init]` section.
   * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines
     actions now include by default only the first 1000 log lines in
     the emails.  Adjust <grepopts> to augment the behavior.
- New Features:
* New filters:
     - froxlor-auth - Thanks Joern Muehlencord
     - apache-pass - filter Apache access log for successful authentication
* New actions:
     - shorewall-ipset-proto6 - using proto feature of the Shorewall.
       Still requires manual pre-configuration of the shorewall.
       See the action file for detail.
* New jails:
     - pass2allow-ftp - allows FTP traffic after successful
       HTTP authentication