From d1db472dd7754d2fdb6e747d34f7ada708004bf2 Mon Sep 17 00:00:00 2001
From: Dinko Korunic
Date: Sat, 17 Jan 2009 11:22:54 +0100
Subject: [PATCH 1/1] * inicijalna verzija paketa * omogucava se integracija s auth greskama u PAM sustavu, te sshd detekcija
---
README.CARNet | 9 +++++++
changelog.CARNet | 1 +
debian/changelog | 6 +++++
debian/compat | 1 +
debian/control | 24 ++++++++++++++++++
debian/docs | 2 ++
debian/postinst | 63 ++++++++++++++++++++++++++++++++++++++++++++++
debian/rules | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 179 insertions(+)
create mode 100644 README.CARNet
create mode 120000 changelog.CARNet
create mode 100644 debian/changelog
create mode 100644 debian/compat
create mode 100644 debian/control
create mode 100644 debian/docs
create mode 100755 debian/postinst
create mode 100755 debian/rules
diff --git a/README.CARNet b/README.CARNet
new file mode 100644
index 0000000..02a72fb
--- /dev/null
+++ b/README.CARNet
@@ -0,0 +1,9 @@
+fail2ban-cn
+~~~~~~~~~~~
+
+Paket donosi neke minimalne izmjene u konfiguraciji osnovnog Debian paketa
+radi poboljsanja lokalne sigurnosti. Tipicno, paket omogucuje
+detekciju/citanje SSH bruteforcing uzoraka (auth.log), kao i reakciju na
+bruteforcing PAM modula (auth.log).
+
+ -- Dinko Korunic Fri, 16 Jan 2009 18:52:22 +0100
diff --git a/changelog.CARNet b/changelog.CARNet
new file mode 120000
index 0000000..194579e
--- /dev/null
+++ b/changelog.CARNet
@@ -0,0 +1 @@
+changelog.Debian
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..dc81633
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,6 @@
+fail2ban-cn (0.8.3-1) stable; urgency=low
+
+ * inicijalna verzija paketa
+ * omogucava se integracija s auth greskama u PAM sustavu, te sshd detekcija
+
+ -- Dinko Korunic Fri, 16 Jan 2009 19:52:28 +0100
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..80216f3
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,24 @@
+Source: fail2ban-cn
+Section: net
+Priority: optional
+Maintainer: Dinko Korunic
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: fail2ban-cn
+Architecture: all
+Depends: fail2ban (>= 0.8.3-1~bpo40+1)
+Description: bans IPs that cause multiple authentication errors
+ Monitors log files (e.g. /var/log/auth.log,
+ /var/log/apache/access.log) and temporarily or persistently bans
+ failure-prone addresses by updating existing firewall rules. The
+ software was completely rewritten at version 0.7.0 and now allows
+ easy specification of different actions to be taken such as to ban an
+ IP using iptables or hostsdeny rules, or simply to send a
+ notification email. Currently, by default, supports ssh/apache/vsftpd
+ but configuration can be easily extended for monitoring any other ASCII
+ file. All filters and actions are given in the config files, thus
+ fail2ban can be adopted to be used with a variety of files and
+ firewalls.
+ .
+ This package brings CARNet-related configuration.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..ef5ce6c
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,2 @@
+changelog.CARNet
+README.CARNet
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..0635772
--- /dev/null
+++ b/debian/postinst
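Review bot: The `Depends:` line in debian/control lists only fail2ban, yet debian/postinst sources `/usr/share/carnet-tools/functions.sh` and calls `cp_get_netaddr` and `cp_check_and_sed` from it. If the package that ships that file (presumably carnet-tools) is not installed, the `.` command fails and the postinst aborts under `set -e`. Declaring it, e.g. `Depends: fail2ban (>= 0.8.3-1~bpo40+1), carnet-tools`, would make the requirement explicit; the exact package name should be confirmed.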
@@ -0,0 +1,63 @@
+#!/bin/sh
+# postinst script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure|reconfigure)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+CONF=/etc/fail2ban/jail.conf
+
+if [ -e "$CONF" ]; then
+ # enable ssh and pam-generic services
+ perl -ne 'if (/\[(ssh|pam-generic)\]/ .. /enabled/) { $_ =~ s/enabled = false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
+ mv "$CONF.$$" "$CONF"
+ rm -f "$CONF.$$"
+
+ # add network address and class if needed
+ cp_get_netaddr || true
+ NETADDR="$RET"
+ IGNOREIP=$(grep '^ignoreip' "$CONF")
+ if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then
+ cp_check_and_sed '^ignoreip' \
+ "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true
+ fi
+fi
+
+# restart the services
+if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d fail2ban restart || exit $?
+else
+ /etc/init.d/fail2ban restart || exit $?
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..ec73f03
--- /dev/null
+++ b/debian/rules
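Review bot: In debian/postinst, `IGNOREIP=$(grep '^ignoreip' "$CONF")` aborts the script under `set -e` when jail.conf has no `ignoreip` line, because grep exits 1 and the assignment takes that status; `IGNOREIP=$(grep '^ignoreip' "$CONF" || true)` keeps the configure step going. The perl range is unanchored, so a comment that mentions `[ssh]` or the word `enabled` can start or end it on the wrong line; `/^\[(ssh|pam-generic)\]/ .. /^enabled\s*=/` would be tighter. Appending the whole local network to `ignoreip` exempts every host on it from bans, which deserves a comment such as `# NOTE: hosts in $NETADDR are never banned, including compromised internal ones`. Editing jail.conf in place may be undone when the fail2ban package itself is upgraded, whereas an override in `jail.local` would likely survive that. The header still reads `# postinst script for bind9-cn` and should name fail2ban-cn.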
@@ -0,0 +1,73 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# This file is public domain software, originally written by Joey Hess.
+#
+# This version is for packages that are architecture independent.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+
+ # Add here commands to compile the package.
+ #$(MAKE)
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ # Add here commands to clean up after the build process.
+ #-$(MAKE) clean
+ #-$(MAKE) distclean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/.
+ #$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+# dh_installexamples
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installcatalogs
+# dh_installpam
+# dh_installmime
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+# dh_undocumented
+ dh_installman
+ dh_link
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_python
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
-- 1.7.10.4