author | Leonardo Arena <rnalrd@alpinelinux.org> | 2015-12-09 10:38:12 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2015-12-09 10:38:29 +0000 |
commit | d0457a4cbde06be9e6fdf2203fd53b1b05225b98 (patch) | |
tree | bfdeb5914ab75a2bc107d355508e38d7213bebe5 | |
parent | b404e7bae39604847b17bf10a501146fe5d56d7c (diff) | |
main/fail2ban: add default SSH jail. Fixes #966
-rw-r--r-- | main/fail2ban/APKBUILD | 29 | ||||
-rw-r--r-- | main/fail2ban/alpine-ssh.jaild | 13 | ||||
-rw-r--r-- | main/fail2ban/alpine-sshd-ddos.filterd | 26 | ||||
-rw-r--r-- | main/fail2ban/alpine-sshd.filterd | 27 |
4 files changed, 90 insertions, 5 deletions
diff --git a/main/fail2ban/APKBUILD b/main/fail2ban/APKBUILD
index dcfc2740d6..7e8b655516 100644
--- a/main/fail2ban/APKBUILD
+++ b/main/fail2ban/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=fail2ban
 pkgver=0.9.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Scans log files for login failures then updates iptables to reject originating ip address"
 url="http://www.fail2ban.org"
 arch="noarch"
@@ -12,7 +12,11 @@ depends="python iptables logrotate"
 makedepends="python-dev python-dev py-setuptools"
 source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/$pkgver.tar.gz
 	fail2ban.confd
-	fail2ban.logrotate"
+	fail2ban.logrotate
+	alpine-ssh.jaild
+	alpine-sshd.filterd
+	alpine-sshd-ddos.filterd
+	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
 build() {
@@ -29,14 +33,29 @@ package() {
 		|| return 1
 	install -Dm644 "$srcdir"/fail2ban.logrotate \
 		"$pkgdir"/etc/logrotate.d/fail2ban || return 1
+	install -Dm644 "$srcdir"/alpine-ssh.jaild \
+		"$pkgdir"/etc/fail2ban/jail.d/alpine-ssh.conf
+	install -Dm644 "$srcdir"/alpine-sshd.filterd \
+		"$pkgdir"/etc/fail2ban/filter.d/alpine-sshd.conf
+	install -Dm644 "$srcdir"/alpine-sshd-ddos.filterd \
+		"$pkgdir"/etc/fail2ban/filter.d/alpine-sshd-ddos.conf
 }
 
 md5sums="73c87c545cc6474de984b5a05e64ecab fail2ban-0.9.3.tar.gz
 b209a04f9314dd064a4aa0ee505c8a4d fail2ban.confd
-6d1af6ceebd15c8ae3938bc675efe553 fail2ban.logrotate"
+6d1af6ceebd15c8ae3938bc675efe553 fail2ban.logrotate
+d79129324ec8710989be0d631362b1ab alpine-ssh.jaild
+16637b4f207bc9bd68812d02cc06cfad alpine-sshd.filterd
+d2634b4646276e5f9e4e3855e16725de alpine-sshd-ddos.filterd"
 sha256sums="b3a0793d9ed3b4e341e568388c65bb07a904f77ac8044186376cab3e58e5b2c9 fail2ban-0.9.3.tar.gz
 e35f1f820bfe5ecaac2696d60155c348d84af428e8c615e97b900c24a587d233 fail2ban.confd
-4cfe274ec9c71dd0ae0575298f5327230f6e67b2f8fc1a616c645d0f6b3ce02f fail2ban.logrotate"
+4cfe274ec9c71dd0ae0575298f5327230f6e67b2f8fc1a616c645d0f6b3ce02f fail2ban.logrotate
+e0d03b972bb90053be53c7dc8d2711a57a569dbb956b40cb0026676cdc5b47db alpine-ssh.jaild
+948e9b598a9242eb8bfef911c38d8af25c66554fd9c770e3017d636e59b98e16 alpine-sshd.filterd
+1015ff0831970e2f42863b5d5c33635de69ccdae184df72f6be1792cd67f6df8 alpine-sshd-ddos.filterd"
 sha512sums="0a6c1a51f6b5eefc09d2d946c34cd935c36ad23f72bd7d3fe78e060d0cd03d63b7403069adfa26c303ef65069caf68230bc580765dc6093fe14b798c5c6ec39c fail2ban-0.9.3.tar.gz
 1e7581dd04e7777d6fd5c40cc842a7ec5f4e6a0374673d020d89dd61bf4093d48934844bee89bcac9084f9ae44f3beb66e714cf3c2763d79c3e8feb790c5e43b fail2ban.confd
-60c80dcf8ced5a0323daef2df702f862d99ac45f56b91015ce39be8471cf9d6a3bb45d776df0330692f40db37638dc3ef2004cfc65f26d50dd67c94fbfdf4ec2 fail2ban.logrotate"
+60c80dcf8ced5a0323daef2df702f862d99ac45f56b91015ce39be8471cf9d6a3bb45d776df0330692f40db37638dc3ef2004cfc65f26d50dd67c94fbfdf4ec2 fail2ban.logrotate
+84915967ae1276f1e14a5813680ee2ebf081af1ff452a688ae5f9ac3363f4aff90e39f8e6456b5c33d5699917d28a16308797095fd1ef9bb1fbcb46d4cea3def alpine-ssh.jaild
+672762f513e14a29c0183fbab0f7acfa45e8e3e6d25f98d443bf82cad03d15af21b14789a223aeb5642806fa7c2092caede99593059b68230165c311b1eb7fea alpine-sshd.filterd
+36a81b771be0b36fe0dfb5ee4c72c9cb5b504e110618a8eb6f0f241b4e57d92df01dc5cc04b6b68d5bc6a5e6d68de1000092770285d7a328e5937e50b4b226a3 alpine-sshd-ddos.filterd"
diff --git a/main/fail2ban/alpine-ssh.jaild b/main/fail2ban/alpine-ssh.jaild
new file mode 100644
index 0000000000..3afcedf276
--- /dev/null
+++ b/main/fail2ban/alpine-ssh.jaild
@@ -0,0 +1,13 @@
+[sshd]
+enabled = true
+filter = alpine-sshd
+port = ssh
+logpath = /var/log/messages
+maxretry = 10
+
+[sshd-ddos]
+enabled = true
+filter = alpine-sshd-ddos
+port = ssh
+logpath = /var/log/messages
+maxretry = 10
diff --git a/main/fail2ban/alpine-sshd-ddos.filterd b/main/fail2ban/alpine-sshd-ddos.filterd
new file mode 100644
index 0000000000..ae40569473
--- /dev/null
+++ b/main/fail2ban/alpine-sshd-ddos.filterd
@@ -0,0 +1,26 @@
+# Fail2Ban ssh filter for at attempted exploit
+#
+# The regex here also relates to a exploit:
+#
+# http://www.securityfocus.com/bid/17958/exploit
+# The example code here shows the pushing of the exploit straight after
+# reading the server version. This is where the client version string normally
+# pushed. As such the server will read this unparsible information as
+# "Did not receive identification string".
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = Did not receive identification string from <HOST>\s*$
+
+ignoreregex =
+
+[Init]
+
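Review bot: The three `install -Dm644` pairs added to package() omit the `|| return 1` that the logrotate install directly above them carries, so a failed copy of the jail or of either filter would not abort the build and the package could ship without the configuration this commit is adding. The opening lines of package() are outside the hunk, so I cannot see whether the build's error handling makes the guard redundant; matching the adjacent style is the safe choice. Append ` || return 1` to each of `"$pkgdir"/etc/fail2ban/jail.d/alpine-ssh.conf`, `"$pkgdir"/etc/fail2ban/filter.d/alpine-sshd.conf` and `"$pkgdir"/etc/fail2ban/filter.d/alpine-sshd-ddos.conf`. The md5/sha256/sha512 additions are consistent across the three lists.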
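Review bot: Both `[sshd]` and `[sshd-ddos]` set `maxretry = 10` but leave `bantime` and `findtime` unset, so the effective ban policy of a jail that is shipped enabled by default is whatever the installed jail.conf `[DEFAULT]` happens to provide, and it will change silently with an upstream update or a local edit. I would pin it in this file, e.g. a `[DEFAULT]` section with `bantime = 600` and `findtime = 600` chosen deliberately, plus a comment on why `maxretry` is 10 rather than a stricter value. Both jails also read `/var/log/messages`, which presumes sshd logs through syslog to that file; in my experience fail2ban will not start a jail whose `logpath` does not exist, so a one-line comment such as `# sshd logs via syslog; adjust logpath if your syslogd writes elsewhere` would save users on non-default setups. `port = ssh` only covers the standard port, so hosts running sshd elsewhere need to override it as well.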
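Review bot: `failregex` does not begin with `^%(__prefix_line)s`, so `_daemon = sshd` and the `before = common.conf` include have no effect and the pattern is tested against every line of `/var/log/messages` regardless of which program logged it; any process that logs the phrase followed by an address would get that address banned. Anchor it as `failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$` so only sshd's own lines are considered (this is how I recall the upstream sshd-ddos filter being written). The header `# Fail2Ban ssh filter for at attempted exploit` reads as a typo for `an attempted exploit`.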
diff --git a/main/fail2ban/alpine-sshd.filterd b/main/fail2ban/alpine-sshd.filterd
new file mode 100644
index 0000000000..87718a963e
--- /dev/null
+++ b/main/fail2ban/alpine-sshd.filterd
@@ -0,0 +1,27 @@
+# Fail2Ban filter for openssh for Alpine
+#
+# If you want to protect OpenSSH from being bruteforced by password
+# authentication then get public key authentication working before disabling
+# PasswordAuthentication in sshd_config.
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = Failed [-/\w]+ for .* from <HOST> port \d* ssh2
+
+ignoreregex =
+
+[Init]
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 10
+
+
|
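Review bot: `failregex` is unanchored at both ends — no `^%(__prefix_line)s` prefix and no `$` after `ssh2` — so `_daemon = sshd` has no effect and the expression can match inside any syslog line, not only sshd's; because `.*` is greedy, `<HOST>` binds to the last `from … port … ssh2` on the line, which is fine for genuine sshd output but is worth stating. I would tighten it to `failregex = ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST> port \d+ ssh2$`, where `\d+` also rejects an empty port that `\d*` currently accepts. `maxlines = 10` in `[Init]` enables multi-line buffering that this single-line regex does not need; if it was carried over from the upstream filter it is harmless, but a comment saying so would stop the next reader from looking for the multi-line pattern it serves.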