[pam_shield/el6/master] added patch file
by Carl Thompson
commit 4053786763626daf57d1d1e83111b43429d898a9
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:30:34 2011 -0500
added patch file
shield-trigger-iptables.patch | 38 ++++++++++++++++++++++++++++++++++++++
1 files changed, 38 insertions(+), 0 deletions(-)
---
diff --git a/shield-trigger-iptables.patch b/shield-trigger-iptables.patch
new file mode 100644
index 0000000..2d10da3
--- /dev/null
+++ b/shield-trigger-iptables.patch
@@ -0,0 +1,38 @@
+--- shield-trigger-iptables 2011-01-12 13:59:18.000000000 -0600
++++ shield-trigger-iptables 2011-04-30 18:31:36.373742766 -0500
+@@ -32,6 +32,25 @@
+ IPT=ip6tables
+ fi
+
++# switch -A for iptables to -I
++ if [ "$1" == "-A" ]
++ then
++ TASK="-I"
++ else
++ TASK="-D"
++ fi
++
++# check to see if pam_shield chain exists and create if necessary
++ if [ "$TASK" == "-I" ]
++ then
++ CHAIN_TEST=`$IPT -L pam_shield 2>/dev/null`
++ if [ -z "$CHAIN_TEST" ]
++ then
++ "$IPT" -N pam_shield
++ "$IPT" -I pam_shield -j DROP
++ fi
++ fi
++
+ #
+ # CUSTOMIZE THIS RULE
+ #
+@@ -43,7 +62,8 @@
+ # * put in the correct port number (22 is ssh)
+ # * add additional rules for additional services as needed
+ #
+- "$IPT" "$1" INPUT -i eth0 -p tcp -s "$2" --destination-port 22 -j pam_shield
++
++ "$IPT" "$TASK" INPUT -i eth0 -p tcp -s "$2" -j pam_shield
+
+ # mail -s "[security] pam_shield blocked $2" root <<EOF
+ #Another monkey kept off our backs ...
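Review bot: in the first inner hunk the else branch sets TASK="-D" for any first argument other than -A, so a missing or mistyped argument silently becomes a rule deletion; match -D explicitly and exit non-zero for anything else. The tests [ "$1" == "-A" ] and [ "$TASK" == "-I" ] use ==, which is a bash extension to test, so use = unless the script is guaranteed to run under bash. The chain check would also be simpler as a test on the exit status of "$IPT" -n -L pam_shield than on its captured output, with $IPT quoted as it is in the other calls.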
[pam_shield] added patch file
by Carl Thompson
commit e3c9a9cbf03bf69fac5b6307b193e4972d01882e
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:28:49 2011 -0500
added patch file
shield-trigger-iptables.patch | 38 ++++++++++++++++++++++++++++++++++++++
1 files changed, 38 insertions(+), 0 deletions(-)
---
diff --git a/shield-trigger-iptables.patch b/shield-trigger-iptables.patch
new file mode 100644
index 0000000..2d10da3
--- /dev/null
+++ b/shield-trigger-iptables.patch
@@ -0,0 +1,38 @@
+--- shield-trigger-iptables 2011-01-12 13:59:18.000000000 -0600
++++ shield-trigger-iptables 2011-04-30 18:31:36.373742766 -0500
+@@ -32,6 +32,25 @@
+ IPT=ip6tables
+ fi
+
++# switch -A for iptables to -I
++ if [ "$1" == "-A" ]
++ then
++ TASK="-I"
++ else
++ TASK="-D"
++ fi
++
++# check to see if pam_shield chain exists and create if necessary
++ if [ "$TASK" == "-I" ]
++ then
++ CHAIN_TEST=`$IPT -L pam_shield 2>/dev/null`
++ if [ -z "$CHAIN_TEST" ]
++ then
++ "$IPT" -N pam_shield
++ "$IPT" -I pam_shield -j DROP
++ fi
++ fi
++
+ #
+ # CUSTOMIZE THIS RULE
+ #
+@@ -43,7 +62,8 @@
+ # * put in the correct port number (22 is ssh)
+ # * add additional rules for additional services as needed
+ #
+- "$IPT" "$1" INPUT -i eth0 -p tcp -s "$2" --destination-port 22 -j pam_shield
++
++ "$IPT" "$TASK" INPUT -i eth0 -p tcp -s "$2" -j pam_shield
+
+ # mail -s "[security] pam_shield blocked $2" root <<EOF
+ #Another monkey kept off our backs ...
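Review bot: in the second inner hunk the replacement rule drops --destination-port 22 but keeps -p tcp, and with "$TASK" now -I the jump is inserted at the head of INPUT, so a single lockout drops every TCP service from that source on eth0, ahead of any accept rule the host already has. The comment lines kept just above it still say "put in the correct port number (22 is ssh)" and "add additional rules for additional services as needed", which no longer describe the rule; update them, or keep the port match as the documented customization point. The empty added line before the rule can be dropped.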
[pam_shield/f14/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existence
by Carl Thompson
commit 9c0d78c1f5498c6df1bdb9a5e8bdcf8510f99070
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:25:27 2011 -0500
patched shield-trigger-iptables to insert rules instead of add
and added checks for chain existence and creation if necessary
before adding rules to iptables/ip6tables and dropped the
destination port so it can be used for any service
pam_shield.spec | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/pam_shield.spec b/pam_shield.spec
index 4750314..9a35fc4 100644
--- a/pam_shield.spec
+++ b/pam_shield.spec
@@ -1,6 +1,6 @@
Name: pam_shield
Version: 0.9.5
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Pam Shield - A pam module to counter brute force attacks
Group: System Environment/Libraries
@@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel, gdbm-devel
Patch0: shield_purge_segfault.patch
+Patch1: shield-trigger-iptables.patch
%description
This is a pam module that supports brute force blocking against pam
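Review bot: Patch1: shield-trigger-iptables.patch is referenced here, but the diffstat of this commit lists only pam_shield.spec, so the patch file itself is not part of the change; unless it is already in the branch, the build fails in %prep until it is committed. Add the patch file in the same commit as the spec change that uses it.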
@@ -21,6 +22,7 @@ authentication mechanisms.
%prep
%setup -q -n pam_shield-%{version}
%patch0 -p0 -b .shield_purge_segfault
+%patch1 -p0 -b .shield_trigger_iptables
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
@@ -87,6 +89,11 @@ rm -rf %{buildroot}
%{_sbindir}/shield-trigger-iptables
%changelog
+* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8
+- patches shield-trigger-iptables to insert rules instead of add
+- and added checks for chain existance and creation if necessary
+- before adding rules to iptables/ip6tables and dropped the
+- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6
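Review bot: the new %changelog entry starts each wrapped line with "-", which turns one sentence into four separate items; keep a single "- " item with indented continuation lines, or split it into three real items (insert instead of append, create the chain when it is missing, drop the port match). "existance" should read "existence", and "patches" should be past tense like the older entries below it.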
[pam_shield/f13/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existence
by Carl Thompson
commit c6a6325411fc69250947244ac394eb7cf276386b
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:23:24 2011 -0500
patched shield-trigger-iptables to insert rules instead of add
and added checks for chain existence and creation if necessary
before adding rules to iptables/ip6tables and dropped the
destination port so it can be used for any service
pam_shield.spec | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/pam_shield.spec b/pam_shield.spec
index 4750314..9a35fc4 100644
--- a/pam_shield.spec
+++ b/pam_shield.spec
@@ -1,6 +1,6 @@
Name: pam_shield
Version: 0.9.5
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Pam Shield - A pam module to counter brute force attacks
Group: System Environment/Libraries
@@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel, gdbm-devel
Patch0: shield_purge_segfault.patch
+Patch1: shield-trigger-iptables.patch
%description
This is a pam module that supports brute force blocking against pam
@@ -21,6 +22,7 @@ authentication mechanisms.
%prep
%setup -q -n pam_shield-%{version}
%patch0 -p0 -b .shield_purge_segfault
+%patch1 -p0 -b .shield_trigger_iptables
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
@@ -87,6 +89,11 @@ rm -rf %{buildroot}
%{_sbindir}/shield-trigger-iptables
%changelog
+* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8
+- patches shield-trigger-iptables to insert rules instead of add
+- and added checks for chain existance and creation if necessary
+- before adding rules to iptables/ip6tables and dropped the
+- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6
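Review bot: %{_sbindir}/shield-trigger-iptables, in the context line above the new changelog entry, is listed without %config, so this update replaces the installed script and with it any local edits made under its "CUSTOMIZE THIS RULE" comment. Since the entry changes the default rule from one port to all TCP from the source, say in the changelog that local customizations have to be re-applied, or move the site-specific rule into a file marked %config(noreplace).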
[pam_shield/el6/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existence
by Carl Thompson
commit b24f62448759afae2b4a958ddfad711250b4c342
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:21:58 2011 -0500
patched shield-trigger-iptables to insert rules instead of add
and added checks for chain existence and creation if necessary
before adding rules to iptables/ip6tables and dropped the
destination port so it can be used for any service
pam_shield.spec | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/pam_shield.spec b/pam_shield.spec
index 4750314..9a35fc4 100644
--- a/pam_shield.spec
+++ b/pam_shield.spec
@@ -1,6 +1,6 @@
Name: pam_shield
Version: 0.9.5
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Pam Shield - A pam module to counter brute force attacks
Group: System Environment/Libraries
@@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel, gdbm-devel
Patch0: shield_purge_segfault.patch
+Patch1: shield-trigger-iptables.patch
%description
This is a pam module that supports brute force blocking against pam
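Review bot: Patch1 is added directly under Patch0 with no comment saying what it changes or whether it has been sent upstream, and Patch0 has none in the visible context either. Add a one-line comment above each Patch line so the next rebase can tell whether the patch is still needed.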
@@ -21,6 +22,7 @@ authentication mechanisms.
%prep
%setup -q -n pam_shield-%{version}
%patch0 -p0 -b .shield_purge_segfault
+%patch1 -p0 -b .shield_trigger_iptables
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
@@ -87,6 +89,11 @@ rm -rf %{buildroot}
%{_sbindir}/shield-trigger-iptables
%changelog
+* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8
+- patches shield-trigger-iptables to insert rules instead of add
+- and added checks for chain existance and creation if necessary
+- before adding rules to iptables/ip6tables and dropped the
+- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6
[pam_shield/el5/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existence
by Carl Thompson
commit da97f830a52a25ab4c61aa48e368b1347da3f2c8
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:20:09 2011 -0500
patched shield-trigger-iptables to insert rules instead of add
and added checks for chain existence and creation if necessary
before adding rules to iptables/ip6tables and dropped the
destination port so it can be used for any service
pam_shield.spec | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/pam_shield.spec b/pam_shield.spec
index 4750314..9a35fc4 100644
--- a/pam_shield.spec
+++ b/pam_shield.spec
@@ -1,6 +1,6 @@
Name: pam_shield
Version: 0.9.5
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Pam Shield - A pam module to counter brute force attacks
Group: System Environment/Libraries
@@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel, gdbm-devel
Patch0: shield_purge_segfault.patch
+Patch1: shield-trigger-iptables.patch
%description
This is a pam module that supports brute force blocking against pam
@@ -21,6 +22,7 @@ authentication mechanisms.
%prep
%setup -q -n pam_shield-%{version}
%patch0 -p0 -b .shield_purge_segfault
+%patch1 -p0 -b .shield_trigger_iptables
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
@@ -87,6 +89,11 @@ rm -rf %{buildroot}
%{_sbindir}/shield-trigger-iptables
%changelog
+* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8
+- patches shield-trigger-iptables to insert rules instead of add
+- and added checks for chain existance and creation if necessary
+- before adding rules to iptables/ip6tables and dropped the
+- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6
[pam_shield] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existence
by Carl Thompson
commit 80217bcc25c40f3b4b4197c6e2279418a10ff8e3
Author: Carl Thompson <fedora(a)red-dragon.com>
Date: Sat Apr 30 19:16:36 2011 -0500
patched shield-trigger-iptables to insert rules instead of add
and added checks for chain existence and creation if necessary
before adding rules to iptables/ip6tables and dropped the
destination port so it can be used for any service
pam_shield.spec | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/pam_shield.spec b/pam_shield.spec
index 4750314..9a35fc4 100644
--- a/pam_shield.spec
+++ b/pam_shield.spec
@@ -1,6 +1,6 @@
Name: pam_shield
Version: 0.9.5
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Pam Shield - A pam module to counter brute force attacks
Group: System Environment/Libraries
@@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel, gdbm-devel
Patch0: shield_purge_segfault.patch
+Patch1: shield-trigger-iptables.patch
%description
This is a pam module that supports brute force blocking against pam
@@ -21,6 +22,7 @@ authentication mechanisms.
%prep
%setup -q -n pam_shield-%{version}
%patch0 -p0 -b .shield_purge_segfault
+%patch1 -p0 -b .shield_trigger_iptables
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
@@ -87,6 +89,11 @@ rm -rf %{buildroot}
%{_sbindir}/shield-trigger-iptables
%changelog
+* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8
+- patches shield-trigger-iptables to insert rules instead of add
+- and added checks for chain existance and creation if necessary
+- before adding rules to iptables/ip6tables and dropped the
+- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6