authorLeonardo Arena <rnalrd@alpinelinux.org>2015-12-09 10:38:12 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2015-12-09 10:38:29 +0000
commitd0457a4cbde06be9e6fdf2203fd53b1b05225b98 (patch)
treebfdeb5914ab75a2bc107d355508e38d7213bebe5 /main/fail2ban
parentb404e7bae39604847b17bf10a501146fe5d56d7c (diff)
main/fail2ban: add default SSH jail. Fixes #966
Diffstat (limited to 'main/fail2ban')
-rw-r--r--main/fail2ban/APKBUILD29
-rw-r--r--main/fail2ban/alpine-ssh.jaild13
-rw-r--r--main/fail2ban/alpine-sshd-ddos.filterd26
-rw-r--r--main/fail2ban/alpine-sshd.filterd27
4 files changed, 90 insertions, 5 deletions
diff --git a/main/fail2ban/APKBUILD b/main/fail2ban/APKBUILD
index dcfc2740d6..7e8b655516 100644
--- a/main/fail2ban/APKBUILD
+++ b/main/fail2ban/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=fail2ban
pkgver=0.9.3
-pkgrel=0
+pkgrel=1
pkgdesc="Scans log files for login failures then updates iptables to reject originating ip address"
url="http://www.fail2ban.org"
arch="noarch"
@@ -12,7 +12,11 @@ depends="python iptables logrotate"
makedepends="python-dev python-dev py-setuptools"
source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/$pkgver.tar.gz
fail2ban.confd
- fail2ban.logrotate"
+ fail2ban.logrotate
+ alpine-ssh.jaild
+ alpine-sshd.filterd
+ alpine-sshd-ddos.filterd
+ "
_builddir="$srcdir"/$pkgname-$pkgver
build() {
@@ -29,14 +33,29 @@ package() {
|| return 1
install -Dm644 "$srcdir"/fail2ban.logrotate \
"$pkgdir"/etc/logrotate.d/fail2ban || return 1
+ install -Dm644 "$srcdir"/alpine-ssh.jaild \
+ "$pkgdir"/etc/fail2ban/jail.d/alpine-ssh.conf
+ install -Dm644 "$srcdir"/alpine-sshd.filterd \
+ "$pkgdir"/etc/fail2ban/filter.d/alpine-sshd.conf
+ install -Dm644 "$srcdir"/alpine-sshd-ddos.filterd \
+ "$pkgdir"/etc/fail2ban/filter.d/alpine-sshd-ddos.conf
}
md5sums="73c87c545cc6474de984b5a05e64ecab fail2ban-0.9.3.tar.gz
b209a04f9314dd064a4aa0ee505c8a4d fail2ban.confd
-6d1af6ceebd15c8ae3938bc675efe553 fail2ban.logrotate"
+6d1af6ceebd15c8ae3938bc675efe553 fail2ban.logrotate
+d79129324ec8710989be0d631362b1ab alpine-ssh.jaild
+16637b4f207bc9bd68812d02cc06cfad alpine-sshd.filterd
+d2634b4646276e5f9e4e3855e16725de alpine-sshd-ddos.filterd"
sha256sums="b3a0793d9ed3b4e341e568388c65bb07a904f77ac8044186376cab3e58e5b2c9 fail2ban-0.9.3.tar.gz
e35f1f820bfe5ecaac2696d60155c348d84af428e8c615e97b900c24a587d233 fail2ban.confd
-4cfe274ec9c71dd0ae0575298f5327230f6e67b2f8fc1a616c645d0f6b3ce02f fail2ban.logrotate"
+4cfe274ec9c71dd0ae0575298f5327230f6e67b2f8fc1a616c645d0f6b3ce02f fail2ban.logrotate
+e0d03b972bb90053be53c7dc8d2711a57a569dbb956b40cb0026676cdc5b47db alpine-ssh.jaild
+948e9b598a9242eb8bfef911c38d8af25c66554fd9c770e3017d636e59b98e16 alpine-sshd.filterd
+1015ff0831970e2f42863b5d5c33635de69ccdae184df72f6be1792cd67f6df8 alpine-sshd-ddos.filterd"
sha512sums="0a6c1a51f6b5eefc09d2d946c34cd935c36ad23f72bd7d3fe78e060d0cd03d63b7403069adfa26c303ef65069caf68230bc580765dc6093fe14b798c5c6ec39c fail2ban-0.9.3.tar.gz
1e7581dd04e7777d6fd5c40cc842a7ec5f4e6a0374673d020d89dd61bf4093d48934844bee89bcac9084f9ae44f3beb66e714cf3c2763d79c3e8feb790c5e43b fail2ban.confd
-60c80dcf8ced5a0323daef2df702f862d99ac45f56b91015ce39be8471cf9d6a3bb45d776df0330692f40db37638dc3ef2004cfc65f26d50dd67c94fbfdf4ec2 fail2ban.logrotate"
+60c80dcf8ced5a0323daef2df702f862d99ac45f56b91015ce39be8471cf9d6a3bb45d776df0330692f40db37638dc3ef2004cfc65f26d50dd67c94fbfdf4ec2 fail2ban.logrotate
+84915967ae1276f1e14a5813680ee2ebf081af1ff452a688ae5f9ac3363f4aff90e39f8e6456b5c33d5699917d28a16308797095fd1ef9bb1fbcb46d4cea3def alpine-ssh.jaild
+672762f513e14a29c0183fbab0f7acfa45e8e3e6d25f98d443bf82cad03d15af21b14789a223aeb5642806fa7c2092caede99593059b68230165c311b1eb7fea alpine-sshd.filterd
+36a81b771be0b36fe0dfb5ee4c72c9cb5b504e110618a8eb6f0f241b4e57d92df01dc5cc04b6b68d5bc6a5e6d68de1000092770285d7a328e5937e50b4b226a3 alpine-sshd-ddos.filterd"
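Review bot: The three new `install -Dm644` commands omit the `|| return 1` guard that the neighbouring lines in `package()` carry (see the logrotate install directly above), so unless abuild runs the function under errexit a failed copy of a jail or filter file would pass silently and a package could be built without them. Append the guard to each of the three, e.g. `"$pkgdir"/etc/fail2ban/jail.d/alpine-ssh.conf || return 1`. Since these are installed as `.conf` files into `jail.d`/`filter.d` and the jail file they install is shipped enabled, a one-line comment above them would help the next maintainer, e.g. `# Alpine-specific sshd jail and filters (busybox syslog logs sshd to /var/log/messages); the jail is shipped enabled`. The `package()` function starts outside this hunk.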
diff --git a/main/fail2ban/alpine-ssh.jaild b/main/fail2ban/alpine-ssh.jaild
new file mode 100644
index 0000000000..3afcedf276
--- /dev/null
+++ b/main/fail2ban/alpine-ssh.jaild
@@ -0,0 +1,13 @@
+[sshd]
+enabled = true
+filter = alpine-sshd
+port = ssh
+logpath = /var/log/messages
+maxretry = 10
+
+[sshd-ddos]
+enabled = true
+filter = alpine-sshd-ddos
+port = ssh
+logpath = /var/log/messages
+maxretry = 10
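Review bot: Both jails are shipped with `enabled = true` from a packaged `jail.d/*.conf`, so fail2ban begins banning SSH peers as soon as the service is started, and the section names `[sshd]` and `[sshd-ddos]` presumably coincide with the upstream `jail.conf` sections, whose `logpath`/`backend` these then override because `jail.d` is read later — none of which the file explains. Add a header comment such as `# Alpine overrides of the upstream sshd jails: busybox syslogd writes sshd messages to /var/log/messages, so the alpine-sshd* filters are used. Override in jail.local rather than editing this packaged file.`. Consider also stating `bantime` and `findtime` explicitly here, since the effective window and penalty currently come from whatever `[DEFAULT]` provides, and `maxretry = 10` on the ddos jail means ten banner-less connections from one address within that window are enough to be banned.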
diff --git a/main/fail2ban/alpine-sshd-ddos.filterd b/main/fail2ban/alpine-sshd-ddos.filterd
new file mode 100644
index 0000000000..ae40569473
--- /dev/null
+++ b/main/fail2ban/alpine-sshd-ddos.filterd
@@ -0,0 +1,26 @@
+# Fail2Ban ssh filter for at attempted exploit
+#
+# The regex here also relates to a exploit:
+#
+# http://www.securityfocus.com/bid/17958/exploit
+# The example code here shows the pushing of the exploit straight after
+# reading the server version. This is where the client version string normally
+# pushed. As such the server will read this unparsible information as
+# "Did not receive identification string".
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = Did not receive identification string from <HOST>\s*$
+
+ignoreregex =
+
+[Init]
+
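Review bot: The `failregex` line `Did not receive identification string from <HOST>\s*$` has no `^%(__prefix_line)s` anchor, so `_daemon = sshd` and the `before = common.conf` include are effectively unused and the pattern matches that text anywhere in a line of the shared `/var/log/messages`, whichever daemon wrote it; any process that logs attacker-supplied text could therefore get an arbitrary address banned. If upstream's `__prefix_line` does not fit busybox syslogd's line format (it presumably inserts a `facility.level` field after the hostname, which would explain the unanchored regex), at least pin the program name: `failregex = sshd\[\d+\]: Did not receive identification string from <HOST>\s*$`. This message is also produced by any TCP connect that closes before sending an SSH banner (port scanners, load-balancer health checks), so the header comment should warn that legitimate monitoring can be banned. The first comment line `for at attempted exploit` reads as a typo for `for an attempted exploit`.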
diff --git a/main/fail2ban/alpine-sshd.filterd b/main/fail2ban/alpine-sshd.filterd
new file mode 100644
index 0000000000..87718a963e
--- /dev/null
+++ b/main/fail2ban/alpine-sshd.filterd
@@ -0,0 +1,27 @@
+# Fail2Ban filter for openssh for Alpine
+#
+# If you want to protect OpenSSH from being bruteforced by password
+# authentication then get public key authentication working before disabling
+# PasswordAuthentication in sshd_config.
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = Failed [-/\w]+ for .* from <HOST> port \d* ssh2
+
+ignoreregex =
+
+[Init]
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 10
+
+
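Review bot: `failregex = Failed [-/\w]+ for .* from <HOST> port \d* ssh2` is anchored at neither end, so `_daemon = sshd` and the `common.conf` include never constrain the match and any line in the shared `/var/log/messages` containing that text — from whatever daemon, including one echoing attacker-controlled input — can trigger a ban of the address it names; `\d*` additionally accepts an empty port. Prefer `failregex = ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST> port \d+ ssh2\s*$`, keeping the greedy `.*` so a crafted username containing `from 1.2.3.4 port 22 ssh2` still resolves to the real source address at the line end; if `__prefix_line` does not match busybox syslogd's format, fall back to pinning `sshd\[\d+\]: ` as the prefix instead. The `maxlines = 10` in `[Init]` documents itself as being for multi-line searches, yet this filter has a single-line regex, so either drop it or add a comment saying why it is kept.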