Gentoo Archives: gentoo-security

From: Elisamuel Resto <user00265@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] hackers
Date: Tue, 11 Oct 2005 13:32:28
Message-Id: 86ba35f70510110625j2c578dffn7707518aeeb44372@mail.gmail.com
In Reply to: Re: [gentoo-security] hackers by woody
fail2ban is not in the Portage tree; you need to install it manually or via
an ebuild in an overlay. This was discussed in another thread on this mailing
list.

As per another discussion on this list, what you have to do is:

- create a local overlay: /usr/local/portage and then net-firewall/fail2ban
- declare this overlay in your make.conf
- copy fail2ban-0.5.4.ebuild (see below) into
  /usr/local/portage/net-firewall/fail2ban/
- create a new directory under fail2ban called 'files'
- copy fail2ban-0.5.4.tar.bz2 from sourceforge into this new directory
- run "ebuild fail2ban-0.5.4.ebuild digest"

And then simply emerge fail2ban.

Here is the ebuild:
-----------------------------
# Distributed under the terms of the GNU General Public License v2

DESCRIPTION="Bans IP that make too many password failures"
HOMEPAGE="http://sourceforge.net/projects/fail2ban"
SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE=""
DEPEND=">=dev-lang/python-2.3"

src_install() {
	# Use python setup; quote ${D} so an image path with spaces cannot split
	python setup.py install --root="${D}" || die

	# Use fail2ban.conf.default as default config file
	insinto /etc
	newins config/fail2ban.conf.default fail2ban.conf
	# Install initd scripts
	exeinto /etc/init.d
	newexe config/gentoo-initd fail2ban
	insinto /etc/conf.d
	newins config/gentoo-confd fail2ban
	# Doc
	doman man/*.[0-9]
	dodoc CHANGELOG README TODO
}

pkg_postinst() {
	# The user must edit the config file
	echo ""
	einfo "Please edit /etc/fail2ban.conf with parameters"
	einfo "which correspond to your system."
	echo ""
}

On 10/11/05, woody <cyril@×××××××.org> wrote:
>
> Jochen Maes wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hey all,
> >
> >
> > ok one of my servers i keep on getting one iprange that tries to
> > login through ssh (200-300) attempts with other usernames.
> > This is probably a script that's being run all the time, but the isp
> > doesn't mind, i already sent my logs and my complaints and i don't
> > get any response.
> > Is there something like hackerwatch that i can send those logs to
> > (preferably automatically) when happening?
> > I've blocked the range now so isn't a problem but hate it that the isp
> > does nothing against it.
>
> have a look at fail2ban..
>
> diabolo prod # emerge -s fail2ban
> Searching...
> [ Results for search key : fail2ban ]
> [ Applications found : 1 ]
>
> * net-firewall/fail2ban
> Latest version available: 0.5.4
> Latest version installed: 0.5.4
> Size of downloaded files: 18 kB
> Homepage: http://sourceforge.net/projects/fail2ban
> Description: Bans IP that make too many password failures
> License: GPL-2
>
> >
> > greetings,
> >
> > SeJo
> >
> > - --
> > "Defer no time, delays have dangerous ends"
> >
> > Jochen Maes Gentoo Linux
> > Gentoo Belgium
> > http://sejo.be
> > http://gentoo.be
> > http://gentoo.org
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe
> > ZPNqAHab5fXLdx11vdod5rc=
> > =35Kg
> > -----END PGP SIGNATURE-----
> >
>
> --
> gentoo-security@g.o mailing list
>
>
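
Added example, not part of the original thread and not fail2ban's own code: a sketch of the kind of check described above, counting failed ssh password attempts per source range inside a time window and listing the usernames tried. The log lines are constructed, the parameter names (max_failures, window, prefix) are hypothetical, and an English locale is assumed for month names.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines using documentation address ranges.
SAMPLE_LOG = """\
Oct 11 13:00:01 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Oct 11 13:00:03 host sshd[102]: Failed password for invalid user test from 192.0.2.11 port 4002 ssh2
Oct 11 13:00:05 host sshd[103]: Failed password for root from 192.0.2.10 port 4003 ssh2
Oct 11 13:00:07 host sshd[104]: Failed password for invalid user x from 198.51.100.7 port 1 from 192.0.2.13 port 4004 ssh2
Oct 11 13:02:00 host sshd[105]: Failed password for alice from 198.51.100.7 port 5002 ssh2
Oct 11 13:30:00 host sshd[106]: Failed password for invalid user oracle from 203.0.113.5 port 6001 ssh2
Oct 11 14:45:00 host sshd[107]: Failed password for invalid user oracle from 203.0.113.5 port 6002 ssh2
Oct 11 16:00:00 host sshd[108]: Failed password for invalid user oracle from 203.0.113.5 port 6003 ssh2
"""

# The username is client-controlled text. The greedy (.+) plus the end anchor
# take the address from the LAST " from <ip> port <n> ssh2" on the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(.+) from (\d+\.\d+\.\d+\.\d+) port \d+ ssh2\s*$"
)

def parse_failure(line, year=2005):
    """Return (timestamp, username, source_ip) or None for other lines."""
    m = FAILED.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return when, m.group(2), m.group(3)

def networks_to_ban(log_text, max_failures=3, window=timedelta(minutes=10), prefix=24):
    """Return {network: usernames tried} for ranges over the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit:
            net = ipaddress.ip_network(f"{hit[2]}/{prefix}", strict=False)
            events[str(net)].append((hit[0], hit[1]))
    banned = {}
    for net, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= max_failures:
                banned[net] = sorted({user for _, user in hits})
                break
    return banned
```

Grouping by /24 catches attempts spread across neighbouring addresses, as in the "iprange" report quoted above, at the cost of also blocking any legitimate host in the same range.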