py-fail2ban Scans log files and bans IP that makes too many password failures

0.11.1_1 security =12 0.11.1_1Version of this port present on the latest quarterly branch.

Maintainer: theis@gmx.at

Port Added: 2009-01-13 18:22:37

Last Update: 2020-03-27 15:29:21

SVN Revision: 529264

People watching this port, also watch: curl, spamassassin, rsync, pcre, pkg

Also Listed In: python

License: GPLv2

Description:

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. WWW: http://www.fail2ban.org/wiki/index.php/Main_Page

SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:

• py37-fail2ban>0:security/py-fail2ban

To install the port: cd /usr/ports/security/py-fail2ban/ && make install clean

To add the package: pkg install py37-fail2ban

PKGNAME: py37-fail2ban

Package flavors (<flavor>: <package>)

• py37: py37-fail2ban
• py27: py27-fail2ban

distinfo:

TIMESTAMP = 1578911137 SHA256 (fail2ban-fail2ban-0.11.1_GH0.tar.gz) = 71d2a52b66bb0f87ac3812246bdd3819ec561913cd44afd39130a342f043aa6d SIZE (fail2ban-fail2ban-0.11.1_GH0.tar.gz) = 538660

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. py37-setuptools>0 : devel/py-setuptools@py37
2. python3.7 : lang/python37

Runtime dependencies:

1. py37-sqlite3>0 : databases/py-sqlite3@py37
2. py37-pyinotify>=0.8.3 : devel/py-pyinotify@py37
3. py37-setuptools>0 : devel/py-setuptools@py37
4. python3.7 : lang/python37

Extract dependencies:

1. python3.7 : lang/python37

There are no ports dependent upon this port

Configuration Options

===> The following configuration options are available for py37-fail2ban-0.11.1_1: DOCS=on: Build and/or install documentation INOTIFY=on: Support for (lib)inotify to monitor filesystem changes ===> Use 'make config' to modify these settings

USES:

python:patch shebangfix

pkg-message:

If installing:

Please do not edit the fail2ban.conf, jail.conf, or any other files in the distributen as they will be overwritten upon each upgrade of the port. Instead, create new files named *.local e.g. fail2ban.local or jail.local. For more information, see the official manual: http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Configuration If you have custom filters or actions and you are upgrading from 0.9.x please check them. Users of pf: please read the notes in action.d/pf.conf and the discussion at https://github.com/fail2ban/fail2ban/pull/1925 Please note that fail2ban will put curly braces '{}' around the ports in the action so you shouldn't do it yourself.

Master Sites:

1. https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.11.1?dummy=/

• 2017-11-30

  Affects: */py*

  Author: mat@FreeBSD.org

  Reason: 
    Ports using Python via USES=python are now flavored.  All the py3-* ports
    have been removed and folded into their py-* master ports.
  
    People using Poudriere 3.2+ and binary packages do not have to do anything.
  
    For other people, to build the Python 3.6 version of, for example,
    databases/py-gdbm, you need to run:
  
      # make FLAVOR=py36 install
  
  

Add new regexp to match invalid users to bsd-ssh filter.

I have observed a regression where the old expression was not
working. Looks like the regression was caused by the migration to
python 3.

As far as I can see the quarterly branch is not affected.

PR:		245097
Approved by: portmgr (blanket: run-time bugfix)

security/py-fail2ban: Update to 0.11.1

PR:		243325
Submitted by:	maintainer
Relnotes:	https://github.com/fail2ban/fail2ban/blob/0.11.1/ChangeLog
Sponsored by:	HAW international

Convert to UCL & cleanup pkg-message (categories s)

security/py-fail2ban: Add support for devel/py-pyinotify

* Enable support for devel/py-pyinotify that itself uses devel/libinotify to
  monitor changes in the filesystem. [1]

* Also introduce the new dependency as an additional default option INOTIFY
  while I'm here because it's not a hard requirement for runtime. [2]

PR:		238427
Submitted by:	Dmitry Wagin <dmitry.wagin@ya.ru> [1]
Approved by:	theis@gmx.at (maintainer) [1] [2]

security/py-fail2ban: Fix rc script

The rc.d script evaluates fail2ban_pidfile before rc.conf is read.

This change moves those evaluations to the corect place allowing
users to override the values via /etc/rc.conf as expected.

PR:		236017
Reported by:	<epopen gmail com>, Dmitry Wagin <dmitry.wagin ya ru>
Submitted by:	<theis gmx at> (maintainer)
MFH:		2019Q2

security/py-fail2ban: Update to 0.10.4

PR:		231947
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Fix writing /etc/hosts.deny entries

PR:		227577
Submitted by:	theis@gmx.at (maintainer)
Reported by:	Niels Bakker <niels=freebsd@bakker.net>

Use PY_FLAVOR for dependencies.

FLAVOR is the current port's flavor, it should not be used outside of
this scope.

Sponsored by:	Absolight

security/py-fail2ban: Update to 0.10.3.1

Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog

PR:		227424
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Update to 0.10.3

Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog

PR:		227389
Submitted by:	theis@gmx.at (maintainer)

Fix build with Python != 2.7

Pointy hat:	pi
Sponsored by:	Absolight

security/py-fail2ban: update 0.10.1 -> 0.10.2

- many fixes from upstream for bugs in the 0.10.x version
- automatic upgrade of python code to python3, if that is used

PR:		225317
Submitted by:	theis@gmx.at (maintainer)
Changes:	https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog

Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the

- Patch for user of pf

PR:		223069
Submitted by:	theis@gmx.at(maintainer)

- Update to 0.10.1

PR:		223022
Submitted by:	theis@gmx.at(maintainer)

- Update t0 0.10
- Update pkg-message

PR:		221442
Submitted by:	theis@gmx.at(maintainer)

Update to 0.9.7 [1]

- Fix shebang line of fail2ban-python in apache-fakegooglebot [2]
- While I'm here:
  - Add missing OPTIONS_DEFINE=DOCS
  - Use SHEBANG_LANG
  - Convert to options target helper

Changes:	https://github.com/fail2ban/fail2ban/blob/0.9/ChangeLog
PR:		219733 [1], 219419 [2]
Submitted by:	<theis@gmx.at> (maintainer) [1], Lukasz Wasikowski
<lukasz@wasikowski.net> [2]

Update fail2ban to version 0.9.6

PR:		215239
Submitted by:	John W. O'Brien <john@saltant.com>
Reviewed by:	matthew
Approved by:	theis@gmx.at (maintainer), matthew (mentor)
Differential Revision:	https://reviews.freebsd.org/D8917

Update to version 0.9.5

PR:		211262
Submitted by:	maintainer

- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket

security/py-fail2ban: Fix for Bug #1417 / #1419

For details see https://github.com/fail2ban/fail2ban/pull/1419

PR:		209494
Submitted by:	theis@gmx.at (maintainer)

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

Update to upstream version 0.9.4

PR:		207886
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Modernize and cleanup

- Use autoplist, update pkg-plist accordingly, deprecate py3kplist
- Remove unnecessary PYDISTUTILS_PKGVERSION and --install-purelib args
- Cleanup a REINPLACE to be more explicit
- Add do-test target
- Regenerate patches (makepatch compatible)
- Add NO_ARCH
- Sort and group USE{S,_*} entries

PR:		204373
Approved by:	maintainer <theis gmx at>

security/py-fail2ban: update 0.9.2 -> 0.9.3

- Add LICENSE_FILE

PR:		202026
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- Fix shebangs

Approved by:	portmgr blanket
MFH:		2015Q3 (blanket)

Update ports in the s* categores to not use GH_COMMIT.

With minor cleanups to make things simpler.

With hat:	portmgr
Sponsored by:	Absolight

Remove deprecated GH_COMMIT (DEVELOPER=yes warning)

Update fail2ban to version 0.9.2

PR:     200002
Submitted by:   theis@gmx.at (maintainer update)

- Fix build with python3*
- Do not silence installation message

PR:		196336
Submitted by:	Kevin Zheng <kevinz5000@gmail.com>
Approved by:	<theis@gmx.at> (maintainer)

- Update to 0.9.1

PR:		194815
Submitted by:	theis@gmx.at(maintainer)

- Convert ports of science/ and security to new USES=python

Approved by:	portmgr (implicit)

Fix recidive jail.
Add a patch for the recidive jail from upstream.

PR:     193751
Submitted by:   theis@gmx.at (maintainer update)

- Patch a script to use the right syslogd socket (/var/run/log)
- Remove .keep_me files because pkg can handle empty directories

PR:		193621
Submitted by:	theis@gmx.at (maintainer)

Formally create the /var/run/fail2ban directory

Install manpages [1] and create /var/{run,db} directories [2]

PR:		ports/189781 [1], ports/189376 [2]
Approved by:	maintainer

- Update to 0.9.0
- While I'm here:
  - Move RUN_DEPENDS upwards
  - Fix space/tab

Changes:	https://github.com/fail2ban/fail2ban/blob/master/ChangeLog
PR:		ports/188426
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

Remove unnecessary inclusion of bsd.port.options.mk.

- Update to 0.8.12

Changes:	https://github.com/fail2ban/fail2ban/releases
PR:		ports/186683
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

Python cleanup:
- USE_PYTHON* = 2.X -> USE_PYTHON* = 2
- USE_PYTHON* = 2.X+ -> USE_PYTHON* = yes
Reviewed by:	python (mva, rm)
Approved by:	portmgr-lurkers (mat)

- Fix PLIST
- Bump PORTREVISION for package change

PR:		ports/184336
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- Update to 0.8.11

Changes:	https://github.com/fail2ban/fail2ban/releases
PR:		ports/184213
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- Update to 0.8.10

Changes:        https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
PR:             ports/179528
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

- Remove MAKE_JOBS_SAFE variable

Approved by:	portmgr (bdrewery)

- Update to 0.8.9 [1]
- Make additional documentation installation conditional
  (note: run-rootless.txt not installed as not relevant for FreeBSD)

Changes:        https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
PR:             ports/179426 [1]
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

Remove patch unneded in 0.8.8

PR:     176426
Submitted by:   Christoph Theis <theis@gmx.at> [maintainer]

- Update to 0.8.8

Changes:        https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
PR:             ports/176368
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

- do not hardcode path to grep utility

PR:		176058
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- Fix all cases of 'No newline at end of file' in ports tree

Approved by: portmgr (bapt)

Minor enhancements:

1) Add a fix for https://github.com/fail2ban/fail2ban/issues/91 (Spurious
UTF8 in SYSLOG is not fully fixed)
2) Add a filter for sendmail, the default mailer on FreeBSD
3) Make the ipfw table used in the action bsd-ipfw configurable

PR:		ports/173956
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- correct displaying of pkg-message

while here:
- use one space in Created by:
- some whitespace aligning
- correct python versions in USE_PYTHON
- use PYDISTUTILS_PKGVERSION to set correct package version instead of crafting
  full PYDISTUTILS_EGGINFO
- remove trailin whitespace in pkg-descr and unneded newlines in pkg-message

PR:		174044
Submitted by:	Sayetsky Anton <vsjcfm@gmail.com>
Approved by:	Christoph Theis <theis@gmx.at> (maintainer)
Feature safe:	yes

- Update to 0.8.7.1
- Fix installation so it doesn't overwrite your config files every time you
  upgrade the port
- Fix some space/tab issues to make portlint happy
- Use dirrmtry in a few places because some people have their own custom
  filters, actions, etc.

PR:		ports/171708
Submitted by:	Mark Felder <feld@feld.me>
Approved by:	Christoph Theis <theis@gmx.at> (maintainer)
Feature safe:	yes

- Update to 0.8.6

PR:             ports/164829
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

- fix reg. expression in filter.d/common.conf
- over to new maintainer

PR:             ports/157979
Submitted by:   Christoph Theis <theis _at_ gmx.at> (new maintainer)

- Include configuration file for pf.
- Add patch for supporting syslogd -v or -vv.

PR:             ports/157318
Submitted by:   Nick Hilliard <nick@foobar.org>
Approved by:    maintainer timeout

Expand the range of supported Python versions and
pacify portlint(1).

PR:             ports/154374
Submitted by:   Jase Thew <freebsd@beardz.net>
Approved by:    maintainer timeout

- Assign to new volunteer

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

- Update to 0.8.4

PR:             ports/143020
Submitted by:   Kevin Kobb <kkobb@skylinecorp.com>

- rc.d fix [2]
- broken on 2.6, 2.3 is gone, and 2.4 is gone soon, so only 2.5 [1]

PR:             ports/142849 [2]
Submitted by:   Krzysztof Stryjek <admin@bsdserwis.com> [1], miwi [2]

- sort pkg-list

- Update to 0.84
- Install sample jail.conf and fail2ban.conf files so that when users
   modify the fail2ban.conf and jail.conf files they are not removed.
- Add an IPFW example using IPFW tables
- Created freebsd sshd and ftp example conf files.

Submitted by:   Ken Menzel <kmenzel@whisolutions.com> (via e-mail)

- Switch SourceForge ports to the new File Release System: categories starting
with P,R,S

- Correct regex for the defaults in FreeBSD

Submitted by:   "Bakker, Johan" <johan_bakker@epson.eu>

Fix a few "bad example" problems in the rc.d scripts that have been
propogated by copy and paste.

1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).

No PORTREVISION bumps because all of these changes are noops.

- Add an rc.d script

Submitted by:   sd@mostnet.ru (via e-mail)

- Mark most of my ports MAKE_JOBS_SAFE=yes

Tested by: several builds in P6 TB

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log
and bans IP that makes too many password failures. It updates
firewall rules to reject the IP address.

WWW: http://www.fail2ban.org/wiki/index.php/Main_Page

16 vulnerabilities affecting 89 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2020-05-31 11:54:41