May 2011 - scm-commits - Fedora Mailing-Lists

[pam_shield/el6/master] added patch file

by Carl Thompson

commit 4053786763626daf57d1d1e83111b43429d898a9 Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:30:34 2011 -0500 added patch file shield-trigger-iptables.patch | 38 ++++++++++++++++++++++++++++++++++++++ 1 files changed, 38 insertions(+), 0 deletions(-) --- diff --git a/shield-trigger-iptables.patch b/shield-trigger-iptables.patch new file mode 100644 index 0000000..2d10da3 --- /dev/null +++ b/shield-trigger-iptables.patch @@ -0,0 +1,38 @@ +--- shield-trigger-iptables 2011-01-12 13:59:18.000000000 -0600 ++++ shield-trigger-iptables 2011-04-30 18:31:36.373742766 -0500 +@@ -32,6 +32,25 @@ + IPT=ip6tables + fi + ++# switch -A for iptables to -I ++ if [ "$1" == "-A" ] ++ then ++ TASK="-I" ++ else ++ TASK="-D" ++ fi ++ ++# check to see if pam_shield chain exists and create if necessary ++ if [ "$TASK" == "-I" ] ++ then ++ CHAIN_TEST=`$IPT -L pam_shield 2>/dev/null` ++ if [ -z "$CHAIN_TEST" ] ++ then ++ "$IPT" -N pam_shield ++ "$IPT" -I pam_shield -j DROP ++ fi ++ fi ++ + # + # CUSTOMIZE THIS RULE + # +@@ -43,7 +62,8 @@ + # * put in the correct port number (22 is ssh) + # * add additional rules for additional services as needed + # +- "$IPT" "$1" INPUT -i eth0 -p tcp -s "$2" --destination-port 22 -j pam_shield ++ ++ "$IPT" "$TASK" INPUT -i eth0 -p tcp -s "$2" -j pam_shield + + # mail -s "[security] pam_shield blocked $2" root <<EOF + #Another monkey kept off our backs ...

8 years, 3 months

1
0
0 / 0

[pam_shield] added patch file

by Carl Thompson

commit e3c9a9cbf03bf69fac5b6307b193e4972d01882e Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:28:49 2011 -0500 added patch file shield-trigger-iptables.patch | 38 ++++++++++++++++++++++++++++++++++++++ 1 files changed, 38 insertions(+), 0 deletions(-) --- diff --git a/shield-trigger-iptables.patch b/shield-trigger-iptables.patch new file mode 100644 index 0000000..2d10da3 --- /dev/null +++ b/shield-trigger-iptables.patch @@ -0,0 +1,38 @@ +--- shield-trigger-iptables 2011-01-12 13:59:18.000000000 -0600 ++++ shield-trigger-iptables 2011-04-30 18:31:36.373742766 -0500 +@@ -32,6 +32,25 @@ + IPT=ip6tables + fi + ++# switch -A for iptables to -I ++ if [ "$1" == "-A" ] ++ then ++ TASK="-I" ++ else ++ TASK="-D" ++ fi ++ ++# check to see if pam_shield chain exists and create if necessary ++ if [ "$TASK" == "-I" ] ++ then ++ CHAIN_TEST=`$IPT -L pam_shield 2>/dev/null` ++ if [ -z "$CHAIN_TEST" ] ++ then ++ "$IPT" -N pam_shield ++ "$IPT" -I pam_shield -j DROP ++ fi ++ fi ++ + # + # CUSTOMIZE THIS RULE + # +@@ -43,7 +62,8 @@ + # * put in the correct port number (22 is ssh) + # * add additional rules for additional services as needed + # +- "$IPT" "$1" INPUT -i eth0 -p tcp -s "$2" --destination-port 22 -j pam_shield ++ ++ "$IPT" "$TASK" INPUT -i eth0 -p tcp -s "$2" -j pam_shield + + # mail -s "[security] pam_shield blocked $2" root <<EOF + #Another monkey kept off our backs ...

8 years, 3 months

1
0
0 / 0

[pam_shield/f14/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance

by Carl Thompson

commit 9c0d78c1f5498c6df1bdb9a5e8bdcf8510f99070 Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:25:27 2011 -0500 patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance and creation if necessary before adding rules to iptables/ip6tables and dropped the destination port so it can be used for any service pam_shield.spec | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) --- diff --git a/pam_shield.spec b/pam_shield.spec index 4750314..9a35fc4 100644 --- a/pam_shield.spec +++ b/pam_shield.spec @@ -1,6 +1,6 @@ Name: pam_shield Version: 0.9.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Pam Shield - A pam module to counter brute force attacks Group: System Environment/Libraries @@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel, gdbm-devel Patch0: shield_purge_segfault.patch +Patch1: shield-trigger-iptables.patch %description This is a pam module that supports brute force blocking against pam @@ -21,6 +22,7 @@ authentication mechanisms. %prep %setup -q -n pam_shield-%{version} %patch0 -p0 -b .shield_purge_segfault +%patch1 -p0 -b .shield_trigger_iptables #disable debug by default sed -i -e 's/debug on/debug off/' shield.conf #change to block all users for failed attempts @@ -87,6 +89,11 @@ rm -rf %{buildroot} %{_sbindir}/shield-trigger-iptables %changelog +* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8 +- patches shield-trigger-iptables to insert rules instead of add +- and added checks for chain existance and creation if necessary +- before adding rules to iptables/ip6tables and dropped the +- destination port so it can be used for any service * Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7 - restored /var/lib/pam_shield to 700 * Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6

8 years, 3 months

1
0
0 / 0

[pam_shield/f13/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance

by Carl Thompson

commit c6a6325411fc69250947244ac394eb7cf276386b Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:23:24 2011 -0500 patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance and creation if necessary before adding rules to iptables/ip6tables and dropped the destination port so it can be used for any service pam_shield.spec | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) --- diff --git a/pam_shield.spec b/pam_shield.spec index 4750314..9a35fc4 100644 --- a/pam_shield.spec +++ b/pam_shield.spec @@ -1,6 +1,6 @@ Name: pam_shield Version: 0.9.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Pam Shield - A pam module to counter brute force attacks Group: System Environment/Libraries @@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel, gdbm-devel Patch0: shield_purge_segfault.patch +Patch1: shield-trigger-iptables.patch %description This is a pam module that supports brute force blocking against pam @@ -21,6 +22,7 @@ authentication mechanisms. %prep %setup -q -n pam_shield-%{version} %patch0 -p0 -b .shield_purge_segfault +%patch1 -p0 -b .shield_trigger_iptables #disable debug by default sed -i -e 's/debug on/debug off/' shield.conf #change to block all users for failed attempts @@ -87,6 +89,11 @@ rm -rf %{buildroot} %{_sbindir}/shield-trigger-iptables %changelog +* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8 +- patches shield-trigger-iptables to insert rules instead of add +- and added checks for chain existance and creation if necessary +- before adding rules to iptables/ip6tables and dropped the +- destination port so it can be used for any service * Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7 - restored /var/lib/pam_shield to 700 * Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6

8 years, 3 months

1
0
0 / 0

[pam_shield/el6/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance

by Carl Thompson

commit b24f62448759afae2b4a958ddfad711250b4c342 Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:21:58 2011 -0500 patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance and creation if necessary before adding rules to iptables/ip6tables and dropped the destination port so it can be used for any service pam_shield.spec | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) --- diff --git a/pam_shield.spec b/pam_shield.spec index 4750314..9a35fc4 100644 --- a/pam_shield.spec +++ b/pam_shield.spec @@ -1,6 +1,6 @@ Name: pam_shield Version: 0.9.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Pam Shield - A pam module to counter brute force attacks Group: System Environment/Libraries @@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel, gdbm-devel Patch0: shield_purge_segfault.patch +Patch1: shield-trigger-iptables.patch %description This is a pam module that supports brute force blocking against pam @@ -21,6 +22,7 @@ authentication mechanisms. %prep %setup -q -n pam_shield-%{version} %patch0 -p0 -b .shield_purge_segfault +%patch1 -p0 -b .shield_trigger_iptables #disable debug by default sed -i -e 's/debug on/debug off/' shield.conf #change to block all users for failed attempts @@ -87,6 +89,11 @@ rm -rf %{buildroot} %{_sbindir}/shield-trigger-iptables %changelog +* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8 +- patches shield-trigger-iptables to insert rules instead of add +- and added checks for chain existance and creation if necessary +- before adding rules to iptables/ip6tables and dropped the +- destination port so it can be used for any service * Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7 - restored /var/lib/pam_shield to 700 * Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6

8 years, 3 months

1
0
0 / 0

[pam_shield/el5/master] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance

by Carl Thompson

commit da97f830a52a25ab4c61aa48e368b1347da3f2c8 Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:20:09 2011 -0500 patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance and creation if necessary before adding rules to iptables/ip6tables and dropped the destination port so it can be used for any service pam_shield.spec | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) --- diff --git a/pam_shield.spec b/pam_shield.spec index 4750314..9a35fc4 100644 --- a/pam_shield.spec +++ b/pam_shield.spec @@ -1,6 +1,6 @@ Name: pam_shield Version: 0.9.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Pam Shield - A pam module to counter brute force attacks Group: System Environment/Libraries @@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel, gdbm-devel Patch0: shield_purge_segfault.patch +Patch1: shield-trigger-iptables.patch %description This is a pam module that supports brute force blocking against pam @@ -21,6 +22,7 @@ authentication mechanisms. %prep %setup -q -n pam_shield-%{version} %patch0 -p0 -b .shield_purge_segfault +%patch1 -p0 -b .shield_trigger_iptables #disable debug by default sed -i -e 's/debug on/debug off/' shield.conf #change to block all users for failed attempts @@ -87,6 +89,11 @@ rm -rf %{buildroot} %{_sbindir}/shield-trigger-iptables %changelog +* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8 +- patches shield-trigger-iptables to insert rules instead of add +- and added checks for chain existance and creation if necessary +- before adding rules to iptables/ip6tables and dropped the +- destination port so it can be used for any service * Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7 - restored /var/lib/pam_shield to 700 * Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6

8 years, 3 months

1
0
0 / 0

[pam_shield] patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance

by Carl Thompson

commit 80217bcc25c40f3b4b4197c6e2279418a10ff8e3 Author: Carl Thompson <fedora(a)red-dragon.com> Date: Sat Apr 30 19:16:36 2011 -0500 patched shield-trigger-iptables to insert rules instead of add and added checks for chain existance and creation if necessary before adding rules to iptables/ip6tables and dropped the destination port so it can be used for any service pam_shield.spec | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) --- diff --git a/pam_shield.spec b/pam_shield.spec index 4750314..9a35fc4 100644 --- a/pam_shield.spec +++ b/pam_shield.spec @@ -1,6 +1,6 @@ Name: pam_shield Version: 0.9.5 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Pam Shield - A pam module to counter brute force attacks Group: System Environment/Libraries @@ -13,6 +13,7 @@ Source3: shield-trigger-iptables.8.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel, gdbm-devel Patch0: shield_purge_segfault.patch +Patch1: shield-trigger-iptables.patch %description This is a pam module that supports brute force blocking against pam @@ -21,6 +22,7 @@ authentication mechanisms. %prep %setup -q -n pam_shield-%{version} %patch0 -p0 -b .shield_purge_segfault +%patch1 -p0 -b .shield_trigger_iptables #disable debug by default sed -i -e 's/debug on/debug off/' shield.conf #change to block all users for failed attempts @@ -87,6 +89,11 @@ rm -rf %{buildroot} %{_sbindir}/shield-trigger-iptables %changelog +* Sat Apr 30 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-8 +- patches shield-trigger-iptables to insert rules instead of add +- and added checks for chain existance and creation if necessary +- before adding rules to iptables/ip6tables and dropped the +- destination port so it can be used for any service * Sun Apr 10 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-7 - restored /var/lib/pam_shield to 700 * Sat Apr 9 2011 Carl Thompson <fedora(a)red-dragon.com> 0.9.5-6

8 years, 3 months

1
0
0 / 0

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

scm-commits May 2011