/[smeserver]/rpms/e-smith-openssh/sme9/e-smith-openssh-2.4.0-ssh_autoblock.patch




Revision 1.1 - (hide annotations) (download)
Fri Apr 4 23:13:07 2014 UTC (10 years, 7 months ago) by burnat
Branch: MAIN
CVS Tags: e-smith-openssh-2_4_0-4_el6_sme
* Sat Apr 5 2014 Chris Burnat <devlist@burnat.com> 2.4.0-4.sme
- Add ssh-autoblock for external interface - patch by Chris Maltby [SME: 8258]

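--- e-smith-openssh-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/42CreateSSHAutoblock.orig 2014-03-07 13:19:05.000000000 +1100
+++ e-smith-openssh-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/42CreateSSHAutoblock 2014-04-04 13:24:36.000000000 +1100
@@ -0,0 +1,15 @@
+{
+ my $abtries = ${'sshd'}{'AutoBlockTries'} || "4";
+ my $abtime = ${'sshd'}{'AutoBlockTime'} || "900";
+
+ $OUT .=<<"EOF";
+
+ # Use recent packets match to block SSH from sites generating
+ # $abtries connections within $abtime seconds or $abtries2 in $abtime2
+ # Check/clear IP block status in /proc/net/ipt_recent/SSH
+ /sbin/iptables --new-chain SSH_Autoblock
+ /sbin/iptables --append SSH_Autoblock -m recent --set --name SSH
+ /sbin/iptables --append SSH_Autoblock -m recent --rcheck --rttl \\
+ --seconds $abtime --hitcount $abtries --name SSH -j denylog
+EOF
+}
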
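Review bot: The comment line `# $abtries connections within $abtime seconds or $abtries2 in $abtime2` sits inside an interpolating `<<"EOF"` heredoc, and `$abtries2`/`$abtime2` are declared nowhere in the fragment, so the template either fails to compile under strict or emits a comment with empty values; drop the trailing clause, `# $abtries connections within $abtime seconds`. The same comment names `/proc/net/ipt_recent/SSH` while 90adjustSSHAutoblock in this patch writes to `/proc/net/xt_recent/SSH`, so one of the two paths is stale and they should agree. Because `AutoBlockTries` and `AutoBlockTime` are expanded verbatim into a shell script that runs as root, I would also constrain them to integers before use, e.g. `$abtries = 4 unless $abtries =~ /^\d+$/;` and `$abtime = 900 unless $abtime =~ /^\d+$/;`; the same check applies to `TCPPort` in 90InboundTCP07FilterSSH and to the copies of these two values in 90adjustSSHAutoblock.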
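--- e-smith-openssh-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90InboundTCP07FilterSSH.orig 2014-03-07 13:18:57.000000000 +1100
+++ e-smith-openssh-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90InboundTCP07FilterSSH 2014-04-04 13:24:45.000000000 +1100
@@ -0,0 +1,13 @@
+{
+ my $sshd_autoblock = ${'sshd'}{'AutoBlock'} || "enabled";
+ my $sshd_public = ${'sshd'}{'access'} || "private";
+ my $sshd_port = ${'sshd'}{'TCPPort'} || "22";
+
+ if ($sshd_autoblock eq "enabled" && $sshd_public eq "public" ) {
+ $OUT = " # SSH autoblock enabled - send new SSH connects through recent IPs filter\n";
+ $OUT .= " /sbin/iptables --append \$NEW_InboundTCP --proto tcp --dport $sshd_port \\\n";
+ $OUT .= " -m state --state NEW -j SSH_Autoblock\n"
+ } else {
+ $OUT = " # SSH autoblock disabled or sshd access is private\n";
+ }
+}
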
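Review bot: The last statement of the `if` branch, `$OUT .= " -m state --state NEW -j SSH_Autoblock\n"`, has no terminating semicolon; Perl accepts it only because it is the final statement in the block, so the next line anyone adds to that branch becomes a syntax error — end it with `;` now. The `--dport $sshd_port` argument is emitted straight from the configuration database into the iptables command line; I would reject anything that is not a port number before building the rule, e.g. `$sshd_port = 22 unless $sshd_port =~ /^\d+$/;`, so a malformed `TCPPort` cannot alter the generated script. It would also help a reader to state in the leading comment that the jump only rate-limits NEW connections and that the SSH_Autoblock chain itself is created unconditionally in 42CreateSSHAutoblock, so the `-j` target always exists.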
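--- e-smith-openssh-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSSHAutoblock.orig 2014-03-02 12:58:57.210293210 +1100
+++ e-smith-openssh-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSSHAutoblock 2014-04-04 13:24:18.000000000 +1100
@@ -0,0 +1,12 @@
+{
+ my $abtries = ${'sshd'}{'AutoBlockTries'} || "4";
+ my $abtime = ${'sshd'}{'AutoBlockTime'} || "900";
+
+ $OUT .=<<"EOF";
+
+ /sbin/iptables --replace SSH_Autoblock 2 -m recent --rcheck --rttl \\
+ --seconds $abtime --hitcount $abtries --name SSH -j denylog
+ # Clear SSH_Autoblock site history too
+ echo clear > /proc/net/xt_recent/SSH
+EOF
+}
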
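Review bot: `/sbin/iptables --replace SSH_Autoblock 2 ...` hard-codes the rule position of the `--rcheck` rule appended in 42CreateSSHAutoblock; if a rule is ever inserted ahead of it in that template, this adjust step silently overwrites the wrong rule and the blocking rule keeps its old thresholds. Either flush and rebuild the chain here (`--flush SSH_Autoblock` followed by the two `--append` lines) so the two templates do not depend on each other's rule order, or at minimum add a comment above the replace, `# Rule 2 must remain the --rcheck rule appended by 42CreateSSHAutoblock`. The defaults `"4"` and `"900"` are also duplicated from 42CreateSSHAutoblock; a mismatch between the two copies would change the threshold on adjust, so it is worth noting that they must be kept identical. `echo clear > /proc/net/xt_recent/SSH` discards the history of every tracked address, including those currently being denied, which appears intended but deserves a one-line comment saying so.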
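--- e-smith-openssh-2.2.0/root/etc/e-smith/db/configuration/defaults/sshd/AutoBlock.orig 2014-03-19 14:02:47.000000000 +1100
+++ e-smith-openssh-2.2.0/root/etc/e-smith/db/configuration/defaults/sshd/AutoBlock 2014-04-04 13:24:41.000000000 +1100
@@ -0,0 +1 @@
+enabled
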
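--- e-smith-openssh-2.2.0/root/etc/e-smith/db/configuration/defaults/sshd/AutoBlockTries.orig 2014-03-19 14:02:47.000000000 +1100
+++ e-smith-openssh-2.2.0/root/etc/e-smith/db/configuration/defaults/sshd/AutoBlockTries 2014-04-04 13:24:47.000000000 +1100
@@ -0,0 +1 @@
+4
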
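--- e-smith-openssh-2.2.0/root/etc/e-smith/db/configuration/defaults/sshd/AutoBlockTime.orig 2014-03-19 14:02:47.000000000 +1100
+++ e-smith-openssh-2.2.0/root/etc/e-smith/db/configuration/defaults/sshd/AutoBlockTime 2014-04-04 13:24:52.000000000 +1100
@@ -0,0 +1 @@
+900
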
