1 |
a3li 09/08/23 21:04:48 |
2 |
|
3 |
Added: fail2ban-CVE-2009-0362.patch |
4 |
Log: |
5 |
Non-maintainer commit: Revbump to fix security bug 258866. Removing unneeded vulnerable versions. |
6 |
(Portage version: 2.2_rc33/cvs/Linux x86_64) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: fail2ban-CVE-2009-0362.patch |
15 |
=================================================================== |
16 |
Patch for bug 258866. Taken via svn diff from upstream SVN. |
17 |
Removed Changelog and cyrus filter changes as they didn't apply. --a3li |
18 |
|
19 |
Index: testcases/filtertestcase.py |
20 |
=================================================================== |
21 |
--- testcases/filtertestcase.py (revision 727) |
22 |
+++ testcases/filtertestcase.py (revision 728) |
23 |
@@ -99,7 +99,7 @@ |
24 |
output = ('193.168.0.128', 3, 1124013599.0) |
25 |
|
26 |
self.__filter.addLogPath(GetFailures.FILENAME_01) |
27 |
- self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)") |
28 |
+ self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>") |
29 |
|
30 |
self.__filter.getFailures(GetFailures.FILENAME_01) |
31 |
|
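Review bot: None of the four updated cases in filtertestcase.py exercises the input this patch appears to be meant to reject; each only swaps a hand-written host group for `<HOST>` and keeps the same expected output tuple. A regression case would feed a log line whose host field is a name that merely contains a dotted quad and assert that the embedded address is not reported as a failure. The same gap applies to the hunks at -116, -133 and -151. The pattern strings also carry `\w` in a non-raw literal; an `r"..."` prefix would make the escapes explicit. The enclosing test methods start and end outside these hunks.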
32 |
@@ -116,7 +116,7 @@ |
33 |
output = ('141.3.81.106', 4, 1124013539.0) |
34 |
|
35 |
self.__filter.addLogPath(GetFailures.FILENAME_02) |
36 |
- self.__filter.addFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)") |
37 |
+ self.__filter.addFailRegex("Failed .* from <HOST>") |
38 |
|
39 |
self.__filter.getFailures(GetFailures.FILENAME_02) |
40 |
|
41 |
@@ -133,7 +133,7 @@ |
42 |
output = ('203.162.223.135', 6, 1124013544.0) |
43 |
|
44 |
self.__filter.addLogPath(GetFailures.FILENAME_03) |
45 |
- self.__filter.addFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown") |
46 |
+ self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") |
47 |
|
48 |
self.__filter.getFailures(GetFailures.FILENAME_03) |
49 |
|
50 |
@@ -151,7 +151,7 @@ |
51 |
('212.41.96.185', 4, 1124013598.0)] |
52 |
|
53 |
self.__filter.addLogPath(GetFailures.FILENAME_04) |
54 |
- self.__filter.addFailRegex("Invalid user .* (?P<host>\S*)") |
55 |
+ self.__filter.addFailRegex("Invalid user .* <HOST>") |
56 |
|
57 |
self.__filter.getFailures(GetFailures.FILENAME_04) |
58 |
|
59 |
Index: config/filter.d/postfix.conf |
60 |
=================================================================== |
61 |
--- config/filter.d/postfix.conf (revision 727) |
62 |
+++ config/filter.d/postfix.conf (revision 728) |
63 |
@@ -11,7 +11,7 @@ |
64 |
# Notes.: regex to match the password failures messages in the logfile. The |
65 |
# host must be matched by a group named "host". The tag "<HOST>" can |
66 |
# be used for standard IP/hostname matching and is only an alias for |
67 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
68 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
69 |
# Values: TEXT |
70 |
# |
71 |
failregex = reject: RCPT from (.*)\[<HOST>\]: 554 |
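Review bot: The updated comment gives the new expansion of `<HOST>` but does not tell filter authors that a hand-written `(?P<host>\S+)` group keeps the old, wider match and is unaffected by the change in server/failregex.py. One extra comment line would cover it, e.g. `#          Prefer <HOST>; a custom (?P<host>\S+) group is not narrowed by the server.` The identical comment is repeated in the other filter.d hunks of this patch (sshd, courierlogin, sasl, exim, qmail, xinetd-fail, vsftpd, pure-ftpd, couriersmtp, proftpd, apache-noscript, apache-auth, webmin-auth, sshd-ddos), so the same line applies there. Keeping a literal copy of the regex in every file also means each copy must be edited again whenever the server-side default changes.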
72 |
Index: config/filter.d/sshd.conf |
73 |
=================================================================== |
74 |
--- config/filter.d/sshd.conf (revision 727) |
75 |
+++ config/filter.d/sshd.conf (revision 728) |
76 |
@@ -20,7 +20,7 @@ |
77 |
# Notes.: regex to match the password failures messages in the logfile. The |
78 |
# host must be matched by a group named "host". The tag "<HOST>" can |
79 |
# be used for standard IP/hostname matching and is only an alias for |
80 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
81 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
82 |
# Values: TEXT |
83 |
# |
84 |
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ |
85 |
Index: config/filter.d/courierlogin.conf |
86 |
=================================================================== |
87 |
--- config/filter.d/courierlogin.conf (revision 727) |
88 |
+++ config/filter.d/courierlogin.conf (revision 728) |
89 |
@@ -12,7 +12,7 @@ |
90 |
# Notes.: regex to match the password failures messages in the logfile. The |
91 |
# host must be matched by a group named "host". The tag "<HOST>" can |
92 |
# be used for standard IP/hostname matching and is only an alias for |
93 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
94 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
95 |
# Values: TEXT |
96 |
# |
97 |
failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$ |
98 |
Index: config/filter.d/sasl.conf |
99 |
=================================================================== |
100 |
--- config/filter.d/sasl.conf (revision 727) |
101 |
+++ config/filter.d/sasl.conf (revision 728) |
102 |
@@ -11,7 +11,7 @@ |
103 |
# Notes.: regex to match the password failures messages in the logfile. The |
104 |
# host must be matched by a group named "host". The tag "<HOST>" can |
105 |
# be used for standard IP/hostname matching and is only an alias for |
106 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
107 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
108 |
# Values: TEXT |
109 |
# |
110 |
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$ |
111 |
Index: config/filter.d/exim.conf |
112 |
=================================================================== |
113 |
--- config/filter.d/exim.conf (revision 727) |
114 |
+++ config/filter.d/exim.conf (revision 728) |
115 |
@@ -11,7 +11,7 @@ |
116 |
# Notes.: regex to match the password failures messages in the logfile. The |
117 |
# host must be matched by a group named "host". The tag "<HOST>" can |
118 |
# be used for standard IP/hostname matching and is only an alias for |
119 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
120 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
121 |
# Values: TEXT |
122 |
# |
123 |
failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address) |
124 |
Index: config/filter.d/qmail.conf |
125 |
=================================================================== |
126 |
--- config/filter.d/qmail.conf (revision 727) |
127 |
+++ config/filter.d/qmail.conf (revision 728) |
128 |
@@ -11,7 +11,7 @@ |
129 |
# Notes.: regex to match the password failures messages in the logfile. The |
130 |
# host must be matched by a group named "host". The tag "<HOST>" can |
131 |
# be used for standard IP/hostname matching and is only an alias for |
132 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
133 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
134 |
# Values: TEXT |
135 |
# |
136 |
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST> |
137 |
Index: config/filter.d/xinetd-fail.conf |
138 |
=================================================================== |
139 |
--- config/filter.d/xinetd-fail.conf (revision 727) |
140 |
+++ config/filter.d/xinetd-fail.conf (revision 728) |
141 |
@@ -11,7 +11,7 @@ |
142 |
# Notes.: regex to match the password failures messages in the logfile. The |
143 |
# host must be matched by a group named "host". The tag "<HOST>" can |
144 |
# be used for standard IP/hostname matching and is only an alias for |
145 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
146 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
147 |
# Values: TEXT |
148 |
# |
149 |
# Cfr.: /var/log/(daemon\.|sys)log |
150 |
Index: config/filter.d/vsftpd.conf |
151 |
=================================================================== |
152 |
--- config/filter.d/vsftpd.conf (revision 727) |
153 |
+++ config/filter.d/vsftpd.conf (revision 728) |
154 |
@@ -11,7 +11,7 @@ |
155 |
# Notes.: regex to match the password failures messages in the logfile. The |
156 |
# host must be matched by a group named "host". The tag "<HOST>" can |
157 |
# be used for standard IP/hostname matching and is only an alias for |
158 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
159 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
160 |
# Values: TEXT |
161 |
# |
162 |
failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$ |
163 |
Index: config/filter.d/pure-ftpd.conf |
164 |
=================================================================== |
165 |
--- config/filter.d/pure-ftpd.conf (revision 727) |
166 |
+++ config/filter.d/pure-ftpd.conf (revision 728) |
167 |
@@ -16,7 +16,7 @@ |
168 |
# Notes.: regex to match the password failures messages in the logfile. The |
169 |
# host must be matched by a group named "host". The tag "<HOST>" can |
170 |
# be used for standard IP/hostname matching and is only an alias for |
171 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
172 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
173 |
# Values: TEXT |
174 |
# |
175 |
failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$ |
176 |
Index: config/filter.d/couriersmtp.conf |
177 |
=================================================================== |
178 |
--- config/filter.d/couriersmtp.conf (revision 727) |
179 |
+++ config/filter.d/couriersmtp.conf (revision 728) |
180 |
@@ -11,7 +11,7 @@ |
181 |
# Notes.: regex to match the password failures messages in the logfile. The |
182 |
# host must be matched by a group named "host". The tag "<HOST>" can |
183 |
# be used for standard IP/hostname matching and is only an alias for |
184 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
185 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
186 |
# Values: TEXT |
187 |
# |
188 |
failregex = error,relay=<HOST>,.*550 User unknown |
189 |
Index: config/filter.d/proftpd.conf |
190 |
=================================================================== |
191 |
--- config/filter.d/proftpd.conf (revision 727) |
192 |
+++ config/filter.d/proftpd.conf (revision 728) |
193 |
@@ -11,7 +11,7 @@ |
194 |
# Notes.: regex to match the password failures messages in the logfile. The |
195 |
# host must be matched by a group named "host". The tag "<HOST>" can |
196 |
# be used for standard IP/hostname matching and is only an alias for |
197 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
198 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
199 |
# Values: TEXT |
200 |
# |
201 |
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$ |
202 |
Index: config/filter.d/apache-noscript.conf |
203 |
=================================================================== |
204 |
--- config/filter.d/apache-noscript.conf (revision 727) |
205 |
+++ config/filter.d/apache-noscript.conf (revision 728) |
206 |
@@ -11,7 +11,7 @@ |
207 |
# Notes.: regex to match the password failure messages in the logfile. The |
208 |
# host must be matched by a group named "host". The tag "<HOST>" can |
209 |
# be used for standard IP/hostname matching and is only an alias for |
210 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
211 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
212 |
# Values: TEXT |
213 |
# |
214 |
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl) |
215 |
Index: config/filter.d/apache-auth.conf |
216 |
=================================================================== |
217 |
--- config/filter.d/apache-auth.conf (revision 727) |
218 |
+++ config/filter.d/apache-auth.conf (revision 728) |
219 |
@@ -11,7 +11,7 @@ |
220 |
# Notes.: regex to match the password failure messages in the logfile. The |
221 |
# host must be matched by a group named "host". The tag "<HOST>" can |
222 |
# be used for standard IP/hostname matching and is only an alias for |
223 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
224 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
225 |
# Values: TEXT |
226 |
# |
227 |
failregex = [[]client <HOST>[]] user .* authentication failure |
228 |
Index: config/filter.d/webmin-auth.conf |
229 |
=================================================================== |
230 |
--- config/filter.d/webmin-auth.conf (revision 727) |
231 |
+++ config/filter.d/webmin-auth.conf (revision 728) |
232 |
@@ -15,7 +15,7 @@ |
233 |
# Notes.: regex to match the password failure messages in the logfile. The |
234 |
# host must be matched by a group named "host". The tag "<HOST>" can |
235 |
# be used for standard IP/hostname matching and is only an alias for |
236 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
237 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
238 |
# Values: TEXT |
239 |
# |
240 |
failregex = webmin.* Non-existent login as .+ from <HOST>$ |
241 |
Index: config/filter.d/common.conf |
242 |
=================================================================== |
243 |
--- config/filter.d/common.conf (revision 727) |
244 |
+++ config/filter.d/common.conf (revision 728) |
245 |
@@ -3,7 +3,7 @@ |
246 |
# |
247 |
# Author: Yaroslav Halchenko |
248 |
# |
249 |
-# $Revision: 1.1 $ |
250 |
+# $Revision: 1.1 $ |
251 |
# |
252 |
|
253 |
[INCLUDES] |
254 |
Index: config/filter.d/sshd-ddos.conf |
255 |
=================================================================== |
256 |
--- config/filter.d/sshd-ddos.conf (revision 727) |
257 |
+++ config/filter.d/sshd-ddos.conf (revision 728) |
258 |
@@ -11,7 +11,7 @@ |
259 |
# Notes.: regex to match the password failures messages in the logfile. The |
260 |
# host must be matched by a group named "host". The tag "<HOST>" can |
261 |
# be used for standard IP/hostname matching and is only an alias for |
262 |
-# (?:::f{4,6}:)?(?P<host>\S+) |
263 |
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
264 |
# Values: TEXT |
265 |
# |
266 |
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$ |
267 |
Index: server/failregex.py |
268 |
=================================================================== |
269 |
--- server/failregex.py (revision 727) |
270 |
+++ server/failregex.py (revision 728) |
271 |
@@ -44,7 +44,7 @@ |
272 |
self._matchCache = None |
273 |
# Perform shortcuts expansions. |
274 |
# Replace "<HOST>" with default regular expression for host. |
275 |
- regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)") |
276 |
+ regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)") |
277 |
if regex.lstrip() == '': |
278 |
raise RegexException("Cannot add empty regex") |
279 |
try: |
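Review bot: The replacement class `[\w\-.^_]+` on the changed line includes a literal `^` and a redundant `_` (already covered by `\w`); a caret is not valid in a hostname or an address, so it widens what a log-derived field can place in the `host` group. If the caret is not deliberate, `regex = regex.replace("<HOST>", r"(?:::f{4,6}:)?(?P<host>[\w\-.]+)")` is tighter, and the raw-string prefix makes the `\w` and `\-` escapes explicit. The class also excludes `:`, so only the `::f{4,6}:` prefix form is handled and plain IPv6 literals will not match. A comment above the line saying why `\S+` was narrowed and what is intentionally excluded would help. The surrounding method begins and ends outside the hunk.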
280 |
Index: server/filter.py |
281 |
=================================================================== |
282 |
--- server/filter.py (revision 727) |
283 |
+++ server/filter.py (revision 728) |
284 |
@@ -492,7 +492,7 @@ |
285 |
|
286 |
class DNSUtils: |
287 |
|
288 |
- IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}") |
289 |
+ IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$") |
290 |
|
291 |
#@staticmethod |
292 |
def dnsToIp(dns): |
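Review bot: `$` in the new `IP_CRE` still matches just before a trailing newline, so a dotted quad followed by `\n` is accepted as an IP; `\Z` closes that: `IP_CRE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}\Z")`. The pattern also accepts octets above 255, so a match means "shaped like a dotted quad" rather than "valid address", and code that passes the value on to a ban action should not assume more. Whether the call sites use `match` or `search` is not visible here, since DNSUtils continues outside the hunk.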