fail2ban: cherry picked openssh 9.8 support, fixed default dovecot path

2024-07-17 21:00:46 +02:00 · 2024-07-17 21:00:46 +02:00 · 262720ee8f
commit 262720ee8f
parent dca04582b9
5 changed files with 57 additions and 11 deletions
--- a/fail2ban/.signature
+++ b/fail2ban/.signature
@ -1,7 +1,9 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF33o9DDq2YFji6O8kFa1yGvguKAZMuFNtL4zaYbPqV3/4xWZTjOeXBYRZUVfRMGQqrj4zlSUWZMZZLxfTTeBUDQA=
-SHA256 (Pkgfile) = 8374f641deb4de9fe2c3bf1d99e0f7338a72d11c2ade7c5acecd4bf5e6c26127
+RWSagIOpLGJF3xFFFJKXR0GoJGIw/MMwGPQXStLZGdxab+yvW+pR8kU9qMPu/yTIolUu6HiJ+59R2BjFZwZj9VdwrEwi3YM7ngA=
+SHA256 (Pkgfile) = c28eb3eb6c8af0cdcc8e978f6594d1dc17d19920eb25b518893bcbe9263e40ae
 SHA256 (.footprint) = 820f8ec11bd2570df5ff505cc059a5f46e8aa7a24956065289cbb0bf543a64c7
 SHA256 (fail2ban-1.1.0.tar.gz) = 474fcc25afdaf929c74329d1e4d24420caabeea1ef2e041a267ce19269570bae
+SHA256 (2fed408c05ac5206b490368d94599869bd6a056d.patch) = 1a1a251de039cf567ac81be76ab2b516a44a68751b4432145159fe3b3a59a24a
+SHA256 (50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch) = b959a99fcdf1aa9966e33845fa7522cdf2cc256e98d5230ac47b28057ca70690
 SHA256 (fail2ban.rc) = 2ce3ca9c641dcaa29028909b4f9a2d7f22533ac9d3be9aba45a8362fcb4e36b0
-SHA256 (paths-crux.conf) = 41e6c077c568d7e2fe600e893aa70d7912dcd0316a88f5a695f5ff0d558c8f82
+SHA256 (paths-crux.conf) = 7362f8bfadb65a670ccaf5fe6d318776c7f08dd065f8c772da5c825354674e7e
--- a/fail2ban/2fed408c05ac5206b490368d94599869bd6a056d.patch
+++ b/fail2ban/2fed408c05ac5206b490368d94599869bd6a056d.patch
@ -0,0 +1,22 @@
+From 2fed408c05ac5206b490368d94599869bd6a056d Mon Sep 17 00:00:00 2001
+From: Fabian Dellwing <fabian.dellwing@mbconnectline.de>
+Date: Tue, 2 Jul 2024 07:54:15 +0200
+Subject: [PATCH] Adjust sshd filter for OpenSSH 9.8 new daemon name
+
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index 1c8a02deb5..a1fd749aed 100644
+--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
+@@ -16,7 +16,7 @@ before = common.conf
+ 
+ [DEFAULT]
+ 
+-_daemon = sshd
+_daemon = (?:sshd(?:-session)?)
+ 
+ # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+ __pref = (?:(?:error|fatal): (?:PAM: )?)?
--- a/fail2ban/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
+++ b/fail2ban/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
@ -0,0 +1,22 @@
+From 50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Wed, 3 Jul 2024 19:35:28 +0200
+Subject: [PATCH] filter.d/sshd.conf: ungroup (unneeded for _daemon)
+
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index a1fd749aed..3a84b1ba52 100644
+--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
+@@ -16,7 +16,7 @@ before = common.conf
+ 
+ [DEFAULT]
+ 
+-_daemon = (?:sshd(?:-session)?)
+_daemon = sshd(?:-session)?
+ 
+ # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+ __pref = (?:(?:error|fatal): (?:PAM: )?)?
--- a/fail2ban/Pkgfile
+++ b/fail2ban/Pkgfile
@ -6,14 +6,18 @@

 name=fail2ban
 version=1.1.0
-release=1
+release=2
 source=(https://github.com/fail2ban/$name/archive/$version/$name-$version.tar.gz
+  2fed408c05ac5206b490368d94599869bd6a056d.patch
+  50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
  fail2ban.rc
  paths-crux.conf)

 build() {
  cd $name-$version

+  patch -Np1 -i $SRC/2fed408c05ac5206b490368d94599869bd6a056d.patch
+  patch -Np1 -i $SRC/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
  /usr/bin/python3 setup.py build
  /usr/bin/python3 setup.py install --root=$PKG --prefix=/usr --skip-build
  /usr/bin/python3 -mcompileall $PKG
--- a/fail2ban/paths-crux.conf
+++ b/fail2ban/paths-crux.conf
@ -7,8 +7,8 @@ syslog_local0 = /var/log/messages
 syslog_authpriv = /var/log/auth.log
 syslog_daemon  = %(syslog_local0)s
 syslog_ftp = %(syslog_local0)s
-syslog_mail =
-syslog_mail_warn =
+syslog_mail = /var/log/mail
+syslog_mail_warn = %(syslog_mail)s
 syslog_user = %(syslog_local0)s

 # Set the default syslog backend target to default_backend
@ -48,12 +48,8 @@ vsftpd_log = /var/log/vsftpd.log
 postfix_log = %(syslog_mail_warn)s
 postfix_backend = %(default_backend)s

-dovecot_log = /var/log/dovecot
+dovecot_log = %(syslog_mail_warn)s
 dovecot_backend = %(default_backend)s

-# todo
-#mysql_log = 
-#mysql_backend = %(default_backend)s
-
 # Directory with ignorecommand scripts
 ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands