Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: Elisamuel Resto <user00265@...>
Subject: Re: hackers
Date: Tue, 11 Oct 2005 09:25:30 -0400
fail2ban is not on the Portage tree, you need to install it manually or
via a ebuild on a overlay, this was discussed in another thread in this
mailing list.<br><br>
As per another discussion in this list, what you have to do is:<br>
- create a local overlay: /usr/local/portage and then net-firewall/fail2ban<br>
- declare this overlay in you make.conf<br>
- copy fail2ban-0.5.4.ebuild (see below) into /usr/local/portage/net-firewall/fail2ban/<br>
<div id="mb_17">- create an new directory under fail2ban called 'files'<br>- copy fail2ban-0.5.4.tar.bz2 from sourceforge into this new directory<br>- run &quot;ebuild fail2ban-0.5.4.ebuild digest&quot;<br>
<br>And then simply emerge fail2ban.<br><br>Here is the ebuild:<br>-----------------------------<br># Distributed under the terms of the GNU General Public License v2<br><br>DESCRIPTION=&quot;Bans IP that make too many password failures&quot;
<br>HOMEPAGE=&quot;<a onclick="return top.js.OpenExtLink(window,event,this)" href="" target="_blank"></a>&quot;<br>SRC_URI=&quot;<a onclick="return top.js.OpenExtLink(window,event,this)" href="mirror://sourceforge/fail2ban/$%7BP%7D.tar.bz2" target="_blank">
mirror://sourceforge/fail2ban/${P}.tar.bz2</a>&quot;<br>LICENSE=&quot;GPL-2&quot;<br>SLOT=&quot;0&quot;<br>KEYWORDS=&quot;~x86 ~amd64&quot;<br>IUSE=&quot;&quot;<br>DEPEND=&quot;&gt;=dev-lang/python-2.3&quot;<br><br>src_install() {
<br> &nbsp; &nbsp; &nbsp; &nbsp;# Use python setup<br> &nbsp; &nbsp; &nbsp; &nbsp;python install --root=${D} || die<br><br> &nbsp; &nbsp; &nbsp; &nbsp;# Use fail2ban.conf.default as default config file<br> &nbsp; &nbsp; &nbsp; &nbsp;insinto /etc<br> &nbsp; &nbsp; &nbsp; &nbsp;newins config/fail2ban.conf.default 
fail2ban.conf<br> &nbsp; &nbsp; &nbsp; &nbsp;# Install initd scripts<br> &nbsp; &nbsp; &nbsp; &nbsp;exeinto /etc/init.d<br> &nbsp; &nbsp; &nbsp; &nbsp;newexe config/gentoo-initd fail2ban<br> &nbsp; &nbsp; &nbsp; &nbsp;insinto /etc/conf.d<br> &nbsp; &nbsp; &nbsp; &nbsp;newins config/gentoo-confd fail2ban<br> &nbsp; &nbsp; &nbsp; &nbsp;# Doc
<br> &nbsp; &nbsp; &nbsp; &nbsp;doman man/*.[0-9]<br> &nbsp; &nbsp; &nbsp; &nbsp;dodoc CHANGELOG README TODO<br>}<br><br>pkg_postinst() {<br> &nbsp; &nbsp; &nbsp; &nbsp;# The user must edit the config file<br> &nbsp; &nbsp; &nbsp; &nbsp;echo &quot;&quot;<br> &nbsp; &nbsp; &nbsp; &nbsp;einfo &quot;Please edit /etc/fail2ban.conf with parameters&quot;
<br> &nbsp; &nbsp; &nbsp; &nbsp;einfo &quot;which correspond to your system.&quot;<br> &nbsp; &nbsp; &nbsp; &nbsp;echo &quot;&quot;<br>}</div>
<br><div><span class="gmail_quote">On 10/11/05, <b class="gmail_sendername">woody</b> &lt;<a href="mailto:cyril@...">
cyril@...</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Jochen Maes wrote:<br>&gt; -----BEGIN PGP SIGNED MESSAGE-----
<br>&gt; Hash: SHA1<br>&gt;<br>&gt; Hey all,<br>&gt;<br>&gt;<br>&gt; ok one off my servers i keep on getting one iprange that tries to<br>&gt; login through ssh (200-300) attemps with other usernames.<br>&gt; This is probably a script that's being ran all the time, but the isp
<br>&gt; doesn't mind, i allready sent my logs and my complaints and i don't<br>&gt; get any response.<br>&gt; Is there something like hackerwatch that i can send those logs to<br>&gt; (preferrably automatically) when happening?
<br>&gt; I've blocked the range now so isn't a problem but hate it that the isp<br>&gt; doesn nothing against it.<br><br>have a look to fail2ban..<br><br>diabolo prod # emerge -s fail2ban<br>Searching...<br>[ Results for search key : fail2ban ]
<br>[ Applications found : 1 ]<br><br>*&nbsp;&nbsp;net-firewall/fail2ban<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Latest version available: 0.5.4<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Latest version installed: 0.5.4<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Size of downloaded files: 18 kB<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Homepage:&nbsp;&nbsp;&nbsp;&nbsp;<a href=""></a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Description: Bans IP that make too many password failures<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; License:&nbsp;&nbsp;&nbsp;&nbsp; GPL-2<br><br>&gt;<br>&gt; greetings,<br>&gt;<br>&gt; SeJo<br>&gt;<br>&gt; - --<br>&gt; &quot;Defer no time, delays have dangerous ends&quot;
Gentoo Linux<br>&gt; Gentoo Belgium<br>&gt; <a href=""></a><br>&gt; <a href=""></a><br>&gt; <a href=""></a><br>&gt; -----BEGIN PGP SIGNATURE-----
<br>&gt; Version: GnuPG v1.4.2 (GNU/Linux)<br>&gt; Comment: Using GnuPG with Mozilla - <a href=""></a><br>&gt;<br>&gt; iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe
<br>&gt; ZPNqAHab5fXLdx11vdod5rc=<br>&gt; =35Kg<br>&gt; -----END PGP SIGNATURE-----<br>&gt;<br><br>--<br><a href="mailto:gentoo-security@g.o">gentoo-security@g.o</a> mailing list<br><br></blockquote></div><br>

-- Jochen Maes
Re: hackers
-- woody
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: hackers
Next by thread:
Release Signing Key
Previous by date:
Re: hackers
Next by date:
Re: hackers

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.