Gentoo Archives: gentoo-security

From: Elisamuel Resto <user00265@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] hackers
Date: Tue, 11 Oct 2005 13:32:28
Message-Id: 86ba35f70510110625j2c578dffn7707518aeeb44372@mail.gmail.com
In Reply to: Re: [gentoo-security] hackers by woody

fail2ban is not in the Portage tree; you need to install it manually or via
an ebuild in an overlay. This was discussed in another thread on this mailing
list.

As per another discussion in this list, what you have to do is:

- create a local overlay: /usr/local/portage and then net-firewall/fail2ban
- declare this overlay in your make.conf
- copy fail2ban-0.5.4.ebuild (see below) into
  /usr/local/portage/net-firewall/fail2ban/
- create a new directory under fail2ban called 'files'
- copy fail2ban-0.5.4.tar.bz2 from SourceForge into this new directory
- run "ebuild fail2ban-0.5.4.ebuild digest"

And then simply emerge fail2ban.

Here is the ebuild:
-----------------------------
# Distributed under the terms of the GNU General Public License v2

DESCRIPTION="Bans IP that make too many password failures"
HOMEPAGE="http://sourceforge.net/projects/fail2ban"
SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE=""
DEPEND=">=dev-lang/python-2.3"

src_install() {
    # Use python setup; quote ${D} so an image path with spaces does not split
    python setup.py install --root="${D}" || die

    # Use fail2ban.conf.default as default config file
    insinto /etc
    newins config/fail2ban.conf.default fail2ban.conf
    # Install initd scripts
    exeinto /etc/init.d
    newexe config/gentoo-initd fail2ban
    insinto /etc/conf.d
    newins config/gentoo-confd fail2ban
    # Doc
    doman man/*.[0-9]
    dodoc CHANGELOG README TODO
}

pkg_postinst() {
    # The user must edit the config file
    echo ""
    einfo "Please edit /etc/fail2ban.conf with parameters"
    einfo "which correspond to your system."
    echo ""
}


On 10/11/05, woody < cyril@×××××××.org> wrote:
>
> Jochen Maes wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hey all,
> >
> >
> > ok one of my servers i keep on getting one iprange that tries to
> > login through ssh (200-300) attempts with other usernames.
> > This is probably a script that's being run all the time, but the isp
> > doesn't mind, i already sent my logs and my complaints and i don't
> > get any response.
> > Is there something like hackerwatch that i can send those logs to
> > (preferably automatically) when happening?
> > I've blocked the range now so isn't a problem but hate it that the isp
> > does nothing against it.
>
> have a look to fail2ban..
>
> diabolo prod # emerge -s fail2ban
> Searching...
> [ Results for search key : fail2ban ]
> [ Applications found : 1 ]
>
> * net-firewall/fail2ban
>       Latest version available: 0.5.4
>       Latest version installed: 0.5.4
>       Size of downloaded files: 18 kB
>       Homepage: http://sourceforge.net/projects/fail2ban
>       Description: Bans IP that make too many password failures
>       License: GPL-2
>
>
> >
> > greetings,
> >
> > SeJo
> >
> > - --
> > "Defer no time, delays have dangerous ends"
> >
> > Jochen Maes Gentoo Linux
> > Gentoo Belgium
> > http://sejo.be
> > http://gentoo.be
> > http://gentoo.org
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe
> > ZPNqAHab5fXLdx11vdod5rc=
> > =35Kg
> > -----END PGP SIGNATURE-----
> >
> >
> --
> gentoo-security@g.o mailing list
>
>