freebsd/ports
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security/bruteforceblocker: update patterns

Browse Source 
- Update patterns to make them match with log messages from recent
  version of OpenSSH
- Remove LICENSE=NONE

PR:		234137
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Approved by:	danger (maintainer timeout)
This commit is contained in:
Kurt Jaeger
2019-02-12 04:24:46 +00:00
parent f1054be948
commit 1f10ca44d7
2 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
security/bruteforceblocker/Makefile
View File

@@ -3,24 +3,24 @@
PORTNAME= bruteforceblocker
PORTVERSION= 1.2.6
PORTREVISION= 1
CATEGORIES= security
MAINTAINER= danger@FreeBSD.org
COMMENT= Checks for SSH bruteforce and blocks given IPs
LICENSE= NONE
RUN_DEPENDS= p5-Unix-Syslog>=0:sysutils/p5-Unix-Syslog \
p5-Sys-Hostname-Long>=0:sysutils/p5-Sys-Hostname-Long \
p5-libwww>=0:www/p5-libwww \
p5-Net-DNS>=0:dns/p5-Net-DNS
USES= perl5 shebangfix
USE_GITHUB= yes
GH_ACCOUNT= dgerzo
NO_BUILD= yes
USES= perl5 shebangfix
USE_PERL5= run
NO_BUILD= yes
OPTIONS_DEFINE= DOCS
SUB_FILES= pkg-message

22
security/bruteforceblocker/files/patch-bruteforceblocker.pl Normal file
View File

@@ -0,0 +1,22 @@
--- bruteforceblocker.pl.orig 2018-12-18 11:17:19 UTC
+++ bruteforceblocker.pl
@@ -79,13 +79,13 @@ my $res = Net::DNS::Resolver->new;
while (<>) {
if (/.*Failed password.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
/.*Failed keyboard.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
- /.*Invalid user.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn})$/i ||
- /.*Did not receive identification string from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn})$/i ||
- /.*Bad protocol version identification .* from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn})$/i ||
+ /.*Invalid user.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
+ /.*Did not receive identification string from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
+ /.*Bad protocol version identification .* from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
/.*User.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) not allowed because.*/i ||
- /.*error: maximum authentication attempts exceeded for.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}).*/i ||
- /.*error: PAM: authentication error for.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}).*/i ||
- /.*fatal: Unable to negotiate with ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}).*/i) {
+ /.*error: maximum authentication attempts exceeded for.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
+ /.*error: PAM: authentication error for.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i ||
+ /.*Unable to negotiate with ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i) {
my $IP = $1;
if ($IP =~ /$work->{fqdn}/i) {