From fb077616b6dd62e8c617574897da88143c73d0a2 Mon Sep 17 00:00:00 2001 From: Dexter Gaon-Shatford Date: Mon, 10 Jul 2023 20:48:08 -0400 Subject: [PATCH] fail2ban: add filter for sshd with socklog The sshd filter distributed with fail2ban does not work properly with socklog out of the box. Ideally, socklog would have comprehensive support upstream, but the configuration to make it work with *just* sshd is very straighforward and the fail2ban package should be able to protect sshd out of the box with void's preferred syslog implementation. This change doesn't override any of fail2ban's default configuration. It adds a new filter defined in `sshd-socklock.conf` which inherits from the default `sshd.conf` and overrides only what is needed to make it work. --- srcpkgs/fail2ban/files/filter.d/sshd-socklog.conf | 12 ++++++++++++ srcpkgs/fail2ban/template | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/fail2ban/files/filter.d/sshd-socklog.conf diff --git a/srcpkgs/fail2ban/files/filter.d/sshd-socklog.conf b/srcpkgs/fail2ban/files/filter.d/sshd-socklog.conf new file mode 100644 index 000000000000..dc6cc6e05444 --- /dev/null +++ b/srcpkgs/fail2ban/files/filter.d/sshd-socklog.conf @@ -0,0 +1,12 @@ +# Fail2Ban filter for openssh, modified to work with socklog on Void Linux. +# +# The default logpath for sshd's output under socklog is +# /var/log/socklog/secure/current + +[INCLUDES] +before = sshd.conf + +[Definition] +prefregex = ^ auth[a-z]*\.[a-z]+: \w{3} \d{2} \d{2}:\d{2}:\d{2} <_daemon><__pid_re>: .+$ + +# Author: Dexter Gaon-Shatford diff --git a/srcpkgs/fail2ban/template b/srcpkgs/fail2ban/template index 6538155a42a4..1b9b021cfe57 100644 --- a/srcpkgs/fail2ban/template +++ b/srcpkgs/fail2ban/template @@ -1,7 +1,7 @@ # Template file for 'fail2ban' pkgname=fail2ban version=1.0.2 -revision=1 +revision=2 build_style=python3-module hostmakedepends="pkg-config python3" depends="python3" @@ -25,4 +25,5 @@ pre_build() { post_install() { vsv fail2ban + vcopy ${FILESDIR}/filter.d/*.conf etc/fail2ban/filter.d }